190 matches found
CLSA-2024-1731341386 bzip2: Fix of CVE-2019-12900
CVE-2019-12900: accept as many selectors as the file format allows but ignore any larger than the theoretical maximum, BZMAXSELECTORS...
CLSA-2024-1731340993 bzip2: Fix of CVE-2019-12900
CVE-2019-12900: accept as many selectors as the file format allows but ignore any larger than the theoretical maximum, BZMAXSELECTORS...
CLSA-2024-1731337736 bzip2: Fix of CVE-2019-12900
CVE-2019-12900: accept as many selectors as the file format allows but ignore any larger than the theoretical maximum, BZMAXSELECTORS...
Fedora: Security Advisory (FEDORA-2024-8a9a692906)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 40 : redis (2024-5d4eb04e76)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-5d4eb04e76 advisory. Redis Community Edition 7.2.6 Released Wed 02 Oct 2024 20:17:04 IDT Upgrade urgency SECURITY: See security fixes below. Security fixes CVE-2024-3144...
CVE-2024-31227 Denial-of-service due to malformed ACL selectors in Redis
Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users...
redis,valkey -- Multiple vulnerabilities
Redis core team reports: CVE-2024-31449 Lua library commands may lead to stack overflow and potential RCE. CVE-2024-31227 Potential Denial-of-service due to malformed ACL selectors. CVE-2024-31228 Potential Denial-of-service due to unbounded pattern matching...
GO-2022-0959 Network Policies & (Clusterwide) Cilium Network Policies with namespace label selectors may unexpectedly select pods with maliciously crafted labels in github.com/cilium/cilium
Network Policies & Clusterwide Cilium Network Policies with namespace label selectors may unexpectedly select pods with maliciously crafted labels in github.com/cilium/cilium...
AZL-43987 CVE-2022-43358 affecting package libsass 3.6.3-3
Stack overflow vulnerability in astselectors.cpp: in function Sass::ComplexSelector::hasplaceholder in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service DoS...
LibSass 缓冲区错误漏洞
LibSass is an open source Sass CSS Extension Language parser written in C. It can be used for a variety of purposes, including parsing and analysis. A security vulnerability exists in LibSass version 3.6.5, which stems from a stack overflow vulnerability in astselectors.cpp in...
_payFallbackGas is not being paid in case selector is 0x07 or 0x08
Lines of code Vulnerability details Impact payFallbackGas gas is not being paid for selectors 0x07 and 0x08 which causes a loss for protocol's execution gas budget. In case Execution budget is not enough then anyFallback will fail. Proof of Concept In payFallbackGas gas should always be paid in...
Code injection
OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incompatible ABI encoding,...
SUSE CVE-2019-12900
BZ2decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors...
CVE-2022-44643 Access policy with access to all tenants and using label selectors has more access
A vulnerability in the label-based access control of Grafana Labs Grafana Enterprise Metrics allows an attacker more access than intended. If an access policy which has label selector restrictions also has been granted access to all tenants in the system, the label selector restrictions will not ...
Fedora: Security Advisory for golang-github-andybalholm-cascadia (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 35 Update: golang-github-andybalholm-cascadia-1.2.0-6.fc35
The Cascadia package implements CSS selectors for use with the parse trees produced by the html package...
[SECURITY] Fedora 36 Update: golang-github-andybalholm-cascadia-1.2.0-6.fc36
The Cascadia package implements CSS selectors for use with the parse trees produced by the html package...
Mermaid 跨站脚本漏洞
Mermaid is a software application. Create charts and visualizations using text and code. A cross-site scripting vulnerability exists in Mermaid versions prior to 9.1.3, which stems from the fact that whenever there is an actual match, the browser issues an http request to load a background image,...
CVE-2022-0969
The Image optimization & Lazy Load by Optimole WordPress plugin before 3.3.2 does not sanitise and escape its "Lazyload background images for selectors" settings, which could allow high privilege users such as admin to perform Cross-Site scripting attacks even when the unfilteredhtml capability i...
CVE-2022-0001
Non-transparent sharing of branch predictor selectors between contexts in some IntelR Processors may allow an authorized user to potentially enable information disclosure via local access...