1089 matches found

Vulnrichment
added 2023/03/09 12:00 a.m. | 9 views

CVE-2023-27985

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90...

7 AI score | 0.0112 EPSS
Exploits: 0 | References: 5

CVE
added 2023/03/09 12:00 a.m. | 97 views

CVE-2023-27985

CVE-2023-27985 affects Emacs up to version 28.2, specifically emacsclient-mail.desktop, where a crafted mailto: URI enables shell command injections due to Desktop Entry Specification noncompliance. The issue is documented as fixed in Emacs 29.0.90. Affected products/versions inferred from multip...

7.8 CVSS | 7.3 AI score | 0.0112 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2023/03/09 12:00 a.m. | 26 views

CVE-2023-27985

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90...

7.8 AI score | 0.0112 EPSS
Exploits: 0 | References: 5

AlpineLinux
added 2023/03/09 12:00 a.m. | 43 views

CVE-2023-27985

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90...

7.8 CVSS | 7.5 AI score | 0.0112 EPSS
Exploits: 0

Debian CVE
added 2023/03/09 12:00 a.m. | 24 views

CVE-2023-27985

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90...

7.8 CVSS | 7.4 AI score | 0.0112 EPSS
Exploits: 0

Filippo.io
added 2023/03/03 3:30 p.m. | 57 views

Avoid The Randomness From The Sky

This is a plea for cryptography specification authors. If your protocol uses randomness, please make it a deterministic function that takes a fixed-size string of random bytes, and publish known-answer tests for it. This whole issue could really be just the paragraph above, but I feel like I nee...

7.1 AI score
Exploits: 0

Talos
added 2023/02/23 12:00 a.m. | 43 views

EIP Stack Group OpENer SetAttributeList attribute_count_request out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2022-1662: EIP Stack Group OpENer SetAttributeList attribute_count_request out-of-bounds write vulnerability. February 23, 2023. CVE Number: CVE-2022-43605. Summary: An out-of-bounds write vulnerability exists in the SetAttributeList attribute_count_request functionality of...

10 CVSS | 9.8 AI score | 0.14372 EPSS
Exploits: 1

F5 Networks
added 2023/02/21 6:54 p.m. | 42 views

K73710094: XSS vulnerability in undisclosed page of the NGINX Swagger UI

Security Advisory Description: An issue in the swagger-ui, the third-party component bundled in the NGINX Plus packages, may expose an XSS security risk. The purpose of the swagger-ui is to provide interactive documentation for the API specification supplied in a swagger YAML file and used in the...

6.1 AI score
Exploits: 0 | Affected Software: 1

F5 Networks
added 2023/02/21 6:35 p.m. | 78 views

K74013101: Binutils vulnerability CVE-2021-42574

Security Advisory Description: An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of...

8.3 CVSS | 8.1 AI score | 0.12205 EPSS
Exploits: 4 | Affected Software: 1

F5 Networks
added 2023/02/21 6:33 p.m. | 52 views

K51813353: Linux Kernel vulnerability CVE-2019-9506

Security Advisory Description: The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks aka "KNOB" that can decrypt traff...

8.1 CVSS | 7.5 AI score | 0.02691 EPSS
Exploits: 2

CNNVD
added 2023/02/21 12:00 a.m. | 2 views

Hitachi Energy FOX61x Security Vulnerability

The Hitachi Energy FOX61x series is an outstanding multi-service multiplexer from Hitachi, Japan that extends existing communication infrastructures and enables smooth migration to future technologies. A security vulnerability exists in Hitachi Energy FOX61x TEGO1, which stems from a problem in t...

7.5 CVSS | 7.3 AI score | 0.01105 EPSS
Exploits: 0 | References: 12

NVD
added 2023/02/16 10:15 p.m. | 23 views

CVE-2020-12413

The Raccoon attack is a timing attack on DHE ciphersuites inherent in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites...

5.9 CVSS | 5.7 AI score | 0.00594 EPSS
Exploits: 0 | References: 2

OSV
added 2023/02/16 10:15 p.m. | 6 views

CVE-2020-12413

The Raccoon attack is a timing attack on DHE ciphersuites inherent in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites...

5.9 CVSS | 6.6 AI score | 0.00594 EPSS
Exploits: 0 | References: 2

UbuntuCve
added 2023/02/16 10:15 p.m. | 40 views

CVE-2020-12413

The Raccoon attack is a timing attack on DHE ciphersuites inherent in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites...

5.9 CVSS | 6.7 AI score | 0.00594 EPSS
Exploits: 0 | References: 2

Prion
added 2023/02/16 10:15 p.m. | 22 views

Design/Logic Flaw

The Raccoon attack is a timing attack on DHE ciphersuites inherent in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites...

2.6 CVSS | 5.7 AI score | 0.00594 EPSS
Exploits: 0 | References: 2 | Affected Software: 2

Vulnrichment
added 2023/02/16 12:00 a.m. | 9 views

CVE-2020-12413

The Raccoon attack is a timing attack on DHE ciphersuites inherent in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites...

6.7 AI score | 0.00594 EPSS
Exploits: 0 | References: 2

SUSE CVE
added 2023/02/15 5:21 a.m. | 1 views

SUSE CVE-2015-1353

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it cannot be considered a security issue in the originally named product because of that product's specification. Notes: none...

7.6 AI score
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 4:44 a.m. | 3 views

SUSE CVE-2017-9274

A shell command injection in the obs-service-sourcevalidator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs...

7.8 CVSS | 8 AI score | 0.02326 EPSS
Exploits: 0 | References: 6

SUSE CVE
added 2023/02/15 4:36 a.m. | 2 views

SUSE CVE-2017-17688

The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete...

5.9 CVSS | 6 AI score | 0.05572 EPSS
Exploits: 2 | References: 12

SUSE CVE
added 2023/02/15 4:27 a.m. | 3 views

SUSE CVE-2018-10892

The default OCI linux spec in oci/defaultslinux.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness...

6.3 CVSS | 6.9 AI score | 0.01135 EPSS
Exploits: 0 | References: 10