GHSA-4Q6P-R6V2-JVC5 Chaijs/get-func-name vulnerable to ReDoS

The current regex implementation for parsing values in the module is susceptible to excessive backtracking, leading to potential DoS attacks. The regex implementation in question is as follows: js const functionNameMatch = /\sfunction?:\s|\s/^?:/+\/\s^\s/+/; This vulnerability can be exploited...

DEBIAN-CVE-2023-43646

get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service redos vulnerability which may lead to a denial of service when parsing malicious input. This vulnerabilit...

CVE-2023-43646

get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service redos vulnerability which may lead to a denial of service when parsing malicious input. This vulnerabilit...

CVE-2023-43646 Inefficient Regular Expression Complexity in get-func-name

get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service redos vulnerability which may lead to a denial of service when parsing malicious input. This vulnerabilit...

Rollout::UI 跨站脚本漏洞

Rollout::UI is a minimalist UI software from the fetlife community. A security vulnerability exists in Rollout::UI, which stems from the function name in the confirmation dialog not being properly escaped. An attacker could exploit this vulnerability to perform a cross-site scripting attack...

SUSE CVE-2009-1577

Multiple stack-based buffer overflows in the putstring function in find.c in Cscope before 15.6 allow user-assisted remote attackers to execute arbitrary code via a long 1 function name or 2 symbol in a source-code file...

SUSE CVE-2012-1600

Multiple cross-site scripting XSS vulnerabilities in functions.php in phpPgAdmin before 5.0.4 allow remote attackers to inject arbitrary web script or HTML via the 1 name or 2 type of a function...

SUSE CVE-2017-7224

The findnearestline function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write of size 1 while disassembling a corrupt binary that contains an empty function name, leading to a program crash...

CVE-2022-36058 elrond-go MultiESDTNFTTransfer call on a SC address with missing function name

Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.34, anyone who uses elrond-go to process blocks historical or actual could encounter a MultiESDTNFTTransfer transaction like this: MultiESDTNFTTransfer with a missing function name. Basic functionality li...

CVE-2022-36058 elrond-go MultiESDTNFTTransfer call on a SC address with missing function name

Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.34, anyone who uses elrond-go to process blocks historical or actual could encounter a MultiESDTNFTTransfer transaction like this: MultiESDTNFTTransfer with a missing function name. Basic functionality li...

GHSA-QF7J-25G9-R63F elrond-go MultiESDTNFTTransfer call on a SC address with missing function name

Impact Anyone who uses elrond-go to process blocks historical or actual that contains a transaction like this: MultiESDTNFTTransfer@01@54444558544b4b5955532d323631626138@00@0793afc18c8da2ca@ mind the missing function name after the last @ Basic functionality like p2p messaging, storage, API...

Duplicate

This advisory duplicates another...

Swivel.sol is missing authRedeem() function called in Marketplace.sol

Lines of code Vulnerability details Impact A user redeems or withdraws from their ZcToken by calling ZcToken.withdraw or ZcToken.redeem. Both of these functions then call MarketPlace.authRedeem which in turn calls Swivel.authRedeem. The issue is that Swivel.sol does not have an authRedeem functio...

CVE-2022-32051

TOTOLINK T6 V4.1.9cu.5179B20201015 was discovered to contain a stack overflow via the desc, week, sTime, eTime parameters in the function FUN004133c4...

CVE-2022-32053

TOTOLINK T6 V4.1.9cu.5179B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN0041621c...

CVE-2022-32047

TOTOLINK T6 V4.1.9cu.5179B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN00412ef4...

USN-5348-3 smarty3 vulnerabilities

USN-5348-1 fixed several vulnerabilities in Smarty. This update provides the fixes for CVE-2021-21408, CVE-2021-26119, CVE-2021-26120 and CVE-2021-29454 for Ubuntu 20.04 ESM. Original advisory details: David Gnedt and Thomas Konrad discovered that Smarty was incorrectly sanitizing the paths prese...

CVE-2022-29399

TOTOLINK N600R V4.3.0cu.7647B20210106 was discovered to contain a stack overflow via the url parameter in the function FUN00415bf0...

CVE-2022-29398

TOTOLINK N600R V4.3.0cu.7647B20210106 was discovered to contain a stack overflow via the File parameter in the function FUN0041309c...

DEBIAN-CVE-2022-29078

The ejs aka Embedded JavaScript templates package 3.1.6 for Node.js allows server-side template injection in settingsview optionsoutputFunctionName. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command which is executed upon template...