66 matches found
PT-2026-25089
soroban-sdk is a Rust SDK for Soroban contracts. Prior to 22.0.11, 23.5.3, and 25.3.0, The Fr scalar field types for BN254 and BLS12-381 in soroban-sdk compared values using their raw U256 representation without first reducing modulo the field modulus r. This caused mathematically equal field...
nanoid: nanoid mishandles non-integer values
A flaw was found in nanoid. Affected versions of nanoid mishandles non-integer values. When nanoid is called with a fractional value, there were a number of undesirable effects: - In browser and non-secure, the code infinite loops on while size-- - In node, the value of poolOffset becomes...
EUVD-2016-10747
Malware in sbrugna...
EUVD-2019-9473
Malware in sbrugna...
EUVD-2014-9681
Malware in sbrugna...
EUVD-2024-3491
Malicious code in bioql PyPI...
Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.5.8
Red Hat OpenShift Service Mesh Containers for 2.5.8 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift...
Security Bulletin: IBM App Connect Enterprise is vulnerable to non-integer values mishandles due to nanoid (CVE-2024-55565)
Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise Runtime are vulnerable to non-integer value mishandles due to nanoid. Vulnerability Details CVEID:CVE-2024-55565 DESCRIPTION: nanoid aka Nano I...
Important: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.6.5 security updates and bug fixes
Multicluster Engine for Kubernetes 2.6.5 General Availability release images, which provide enhancements, bug fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which...
SUSE CVE-2024-55565
nanoid aka Nano ID before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version...
CVE-2024-55565
nanoid aka Nano ID before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version...
Predictable results in nanoid generation when given non-integer values
When nanoid is called with a fractional value, there were a number of undesirable effects: 1. in browser and non-secure, the code infinite loops on while size-- 2. in node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled 3. if the...
CVE-2024-55565
nanoid aka Nano ID before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version...
CVE-2024-55565
nanoid aka Nano ID before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version...
UBUNTU-CVE-2024-55565
nanoid aka Nano ID before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version...
nanoid 安全漏洞
nanoid Nano ID is a small, secure, URL-friendly, unique string ID generator for JavaScript by the individual developer Andrey Sitnik. A security vulnerability exists in nanoid versions prior to 5.0.9, which stems from improper handling of non-integer values...
CVE-2024-55565
nanoid aka Nano ID before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version...
CVE-2024-55565
nanoid aka Nano ID before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version...
Denial Of Service (DoS)
images is vulnerable to Denial Of Service DoS. The vulnerability is due to unexpected input types provided to multiple functions, which can result in a process crash. The attacker can cause a Segmentation fault error by providing specific integer values to the size function...
CVE-2024-21523
All versions of the package images are vulnerable to Denial of Service DoS due to providing unexpected input types to several different functions. This makes it possible to reach an assert macro, leading to a process crash. Note: By providing some specific integer values like 0 to the size...