2272 matches found
Mozilla: Braille space character caused incorrect sender email to be shown for a digitally signed email
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue: when displaying the sender of an email whose sender name contained the Braille Pattern Blank space character multiple times, Thunderbird displays all spaces. This flaw allows an attacker to send an ema...
Regular Expression Denial Of Service (ReDoS)
markdown-link-extractor is vulnerable to regular expression denial of service. An attacker can crash the application by providing malicious input to the module.exports function of index.js due to the insecure regex pattern used for the image parameter...
Regular Expression Denial Of Service (ReDoS)
devcert is vulnerable to regular expression denial of service. An attacker can crash the application by providing a malicious input to the certificateFor function of index.ts due to the insecure regex pattern used for VALIDIP and VALIDDOMAIN parameters...
CVE-2022-25237
Bonita Web 2021.2 is affected by an authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. By appending ;i18ntranslation or /../i18ntranslation/ to the end of a URL, users with no privileges can access privileged API...
CVE-2022-1834
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue: when displaying the sender of an email whose sender name contained the Braille Pattern Blank space character multiple times, Thunderbird displays all spaces. This flaw allows an attacker to send an ema...
CVE-2022-1834
When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces. This could have been used by an attacker to send an email message with the attacker's digital signature, that was shown...
fapolicyd: fapolicyd wrongly prepares ld.so path
A vulnerability was found in fapolicyd. It stems from an assumption about how glibc names the runtime linker: a build-time regular expression may not correctly detect the runtime linker. The consequence is that the pattern detection for applications launched by the run time linker...
Mozilla Thunderbird < 91.10
The version of Thunderbird installed on the remote Windows host is prior to 91.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-22 advisory. - Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs...
Frida-Ios-Hook - A Tool That Helps You Easy Trace Classes, Functions, And Modify The Return Values Of Methods On iOS Platform
A tool that helps you use Frida easily. It supports scripts to trace classes and functions and to modify the return values of methods on the iOS platform. For Android platform: frida-android-hook For Intercept Api was encrypted on iOS application: frida-ios-interceprt-api Env OS Support OS |...
Cross-site Scripting (XSS)
mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the pattern attribute in form inputs. An attacker can inject HTML or execute arbitrary JavaScript by crafting malicious input that exploits improper escaping of thi...
CLSA-2022-1653329020 Fix CVE(s): CVE-2022-1629, CVE-2022-1616, CVE-2022-1620, CVE-2022-1621, CVE-2022-1619
SECURITY UPDATE: Going before the start of the command line - debian/patches/CVE-2022-1619.patch: Check already being at the start of the command line - CVE-2022-1619 SECURITY UPDATE: NULL pointer access when using invalid pattern - debian/patches/CVE-2022-1620.patch: Check for failed regexp...
CVE-2022-21195
All versions of package url-regex are vulnerable to Regular Expression Denial of Service (ReDoS) which can cause the CPU usage to crash...
CVE-2022-30065
A flaw was found in BusyBox. It did not properly sanitize while processing a crafted awk pattern, leading to possible code execution...
CVE-2022-30065
A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function...