9 matches found
Regular Expression Denial of Service (ReDoS)
Overview js-video-url-parser is an A parser to extract provider, video id, starttime and others from YouTube, Vimeo, ... urls Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the getTime function in lib/util.js. An attacker can cause excessive...
MAL-2025-3953 Malicious code in inter-frontend-lib-util (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 20b043e0fa1aadc6d1e400a275d7c543cf31f466a312f5cd286fed159f700ec0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE CVE-2024-22563
openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc in openvswitch-2.17.8/lib/util.c...
DEBIAN-CVE-2024-22563
openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc in openvswitch-2.17.8/lib/util.c...
UBUNTU-CVE-2024-22563
openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc in openvswitch-2.17.8/lib/util.c...
openSUSE Security Update : samba (openSUSE-2020-1819)
This update for samba fixes the following issues : Update to samba 4.11.14 - CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records bsc1177613. - CVE-2020-14323: Unprivileged user can crash winbind bsc1173994. - CVE-2020-14318: Missing permissions check in...
Security update for samba (important)
openSUSE Security Update: Security update for samba Announcement ID: openSUSE-SU-2020:1819-1 Rating: important References: 1173902 1173994 1177613 Cross-References: CVE-2020-14318 CVE-2020-14323 CVE-2020-14383 Affected Products: openSUSE Leap 15.2 An update that fixes three vulnerabilities is now...
openSUSE Security Update : samba (openSUSE-2020-1526)
"This update for samba fixes the following issues : - ZeroLogon: An elevation of privilege was possible with some non default configurations when an attacker established a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol MS-NRPC CVE-2020-147...
Design/Logic Flaw
The 1 shellexec function in lib/util/MiqSshUtilV1.rb and 2 tempcmdfile function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine CFME before 5.2.4.2 allow local users to execute arbitrary commands via a symlink attack on a temporary file with a predictable name...