Important: golang
Issue Overview: RESERVED NOTE: https://groups.google.com/g/golang-announce/c/V0aBFqaFsE CVE-2022-41724 Golang: net/http, mime/multipart: denial of service from excessive resource consumption https://groups.google.com/g/golang-announce/c/V0aBFqaFsE CVE-2022-41725 The ScalarMult and ScalarBaseMult...
Security Bulletin: Vulnerabilities in Golang Go might affect IBM Spectrum Copy Data Management (CVE-2023-24536, CVE-2023-24537, CVE-2023-24538)
Summary Vulnerabilities in Golang Go might affect IBM Spectrum Copy Data Management. Vulnerabilities include the execution of arbitrary code on the system, denial of service attack, as described by the CVEs in the "Vulnerability Details" section. Vulnerability Details CVEID:CVE-2023-24536...
Security Bulletin: Vulnerability in Golang Go could affect IBM CICS TX Advanced [CVE-2023-24538]
Summary CVE-2023-24538 may affect IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-24538 DESCRIPTION: Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks as...
SUSE SLES15 Security Update : go1.20 (SUSE-SU-2023:2105-2)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2105-2 advisory. - HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service...
CVE-2023-24538
A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks as JavaScript string delimiters. By sending a specially crafted request, an attacker can execute arbitrary code on the system. Mitigation Mitigation...
SUSE CVE-2010-1789
Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a JavaScript string object...
Exploit for Code Injection in Paradox Ipr512_Firmware
Injection vulnerability in Paradox Security Systems IPR512 - C...
Cross-site Scripting in pandao editor.md
pandao Editor.md 1.5.0 allows XSS via the Javascript: string...
GHSA-5Q54-8P9J-X74J Cross-site Scripting in pandao editor.md
pandao Editor.md 1.5.0 allows XSS via the Javascript: string...
Information Disclosure
Microsoft ChakraCore is vulnerable to information disclosure. This is due to a use-after-free (UAF) bug when accessing a local JavaScript String buffer, which allows an attacker to obtain sensitive information to perform further attacks against the system...
Mozilla Firefox 17.x <= 17 Multiple Vulnerabilities
Heap overflow
Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a JavaScript string object...
CVE-2010-1789
Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a JavaScript string object...
CVE-2010-1789
Removed by vendor...
CVE-2010-1988
Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via JavaScript code that performs certain string concatenation and substring operations, a different vulnerability than...
CVE-2005-0989
The findreplen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method...