PT-2021-7848 · Unknown +7 · Oci Distribution Specification +7
Name of the Vulnerable Software and Affected Versions: OCI Distribution Specification versions 1.0.0 and prior. Description: The issue concerns the OCI Distribution Specification, which defines an API protocol for content distribution. In versions 1.0.0 and prior, the Content-Type header alone was...
Oci Distribution-Spec Code Issue Vulnerability
Oci Distribution-Spec is an Oci distribution specification. A code issue vulnerability exists in Oci Distribution-Spec that stems from the product's use of the Content-Type header to determine the document type, among other actions. An attacker could use this vulnerability to cause text content t...
Mozilla Firefox Security Advisory (MFSA2015-110) - Linux
This host is missing a security update for Mozilla Firefox.
Oracle Linux 7 : binutils (ELSA-2021-4033)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-4033 advisory. 2.27-44.base.0.3.1 - Forward-port patches to 2.27-44.base.1 - Reviewed-by: Jose E. Marchesi 2.27-44.base.0.2.1 - Forward-port patches to 2.27-44.base.1 -...
CVE-2021-42694
An issue was discovered in the character definitions of the Unicode Specification through 14.0. The specification allows an adversary to produce source code identifiers such as function names using homoglyphs that render visually identical to a target identifier. Adversaries can leverage this to...
CVE-2021-42574
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and...
Design/Logic Flaw
DISPUTED: An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by...
Security feature bypass
DISPUTED: An issue was discovered in the character definitions of the Unicode Specification through 14.0. The specification allows an adversary to produce source code identifiers such as function names using homoglyphs that render visually identical to a target identifier. Adversaries can leverage...
Unicode Code Injection Vulnerability
Unicode Universal Character Set is a universal character encoding standard organized by the Unicode Consortium. It is used to assign a code to every character and symbol in every language in the world. A code injection vulnerability exists in Unicode Specification version 14.0 and prior versions,...
PT-2021-4640 · Unknown · Unicode Specification
Name of the Vulnerable Software and Affected Versions: Unicode Specification versions through 14.0. Description: An issue was discovered in the character definitions of the Unicode Specification. The specification allows an adversary to produce source code identifiers, such as function names, usin...
PT-2021-4639 · Atlassian +8 · Jira Service Management Server +11
Name of the Vulnerable Software and Affected Versions: Unicode Specification versions prior to 14.0; Jira Service Management (affected versions not specified); Jira Software (affected versions not specified); Jira Work Management (affected versions not specified). Description: The issue is related to the...
CVE-2021-42694
CVE-2021-42694 concerns homoglyph-based Trojan Source in Unicode handling up to at least Unicode 14.0. Attackers can craft source code identifiers that render visually identical to legitimate names, enabling injection or concealment of code in upstream/downstream dependencies. The connected docum...
Nitro Pro PDF JavaScript TimeOutObject double free vulnerability
Summary An exploitable double-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a reference to a timeout object to be stored in two different places. When closed, the document will result in the reference being released twice. This...
CVE-2021-41865
HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authenticated users with job submission capabilities to cause denial of service by submitting incomplete job specifications with a Consul mesh gateway and host networking mode. Fixed in 1.1.6...
CVE-2021-40084
opensysusers through 0.6 does not safely use eval on files in sysusers.d that may contain shell metacharacters. For example, it allows command execution via a crafted GECOS field, whereas systemd-sysusers (a program with the same specification) does not do that...
Design/Logic Flaw
An issue existed in the specification for the resource timing API. The specification was updated and the updated specification was implemented. This issue is fixed in macOS Monterey 12.0.1. A malicious website may exfiltrate data cross-origin...
CVE-2021-30897
An issue existed in the specification for the resource timing API. The specification was updated and the updated specification was implemented. This issue is fixed in macOS Monterey 12.0.1. A malicious website may exfiltrate data cross-origin...