
3357 matches found

SUSE CVE
added 2023/02/15 3:42 a.m. | views: 1

SUSE CVE-2021-29617

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via CHECK-fail in tf.strings.substr with invalid arguments. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3,...

5.5 CVSS | 5.5 AI score | 0.0023 EPSS
Exploits: 1 | References: 3
SUSE CVE
added 2023/02/15 3:40 a.m. | views: 5

SUSE CVE-2021-32921

An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker...

5.9 CVSS | 5.7 AI score | 0.01601 EPSS
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 3:40 a.m. | views: 3

SUSE CVE-2021-33286

In NTFS-3G versions 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution...

7.8 CVSS | 7.8 AI score | 0.00432 EPSS
Exploits: 0 | References: 7
SUSE CVE
added 2023/02/15 3:35 a.m. | views: 2

SUSE CVE-2022-0475

Malicious translator is able to inject JavaScript code in few translatable strings where HTML is allowed. The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19 and prior versions...

5.4 CVSS | 5.7 AI score | 0.0043 EPSS
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 3:26 a.m. | views: 1

SUSE CVE-2022-27457

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component mymbwclatin1 at /strings/ctype-latin1.c...

7.1 CVSS | 8.4 AI score | 0.01584 EPSS
Exploits: 1 | References: 10
SUSE CVE
added 2023/02/15 3:26 a.m. | views: 4

SUSE CVE-2022-29458

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convertstrings in tinfo/readentry.c in the terminfo library...

5.5 CVSS | 7.4 AI score | 0.01297 EPSS
Exploits: 1 | References: 90
SUSE CVE
added 2023/02/15 3:22 a.m. | views: 1

SUSE CVE-2022-45416

Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...

6.5 CVSS | 7.9 AI score | 0.00672 EPSS
Exploits: 0 | References: 8
Debian CVE
added 2023/02/14 5:35 p.m. | views: 19

CVE-2023-25564

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, memory corruption can be triggered when decoding UTF16 strings. The variable outlen was not initialized and could cause writing a zero to an arbitrary place in memory if...

8.2 CVSS | 7.9 AI score | 0.01959 EPSS
Exploits: 0
Prion
added 2023/02/11 1:23 a.m. | views: 15

Authentication flaw

DataHub is an open-source metadata platform. The AuthServiceClient which is responsible for creation of new accounts, verifying credentials, resetting them or requesting access tokens, crafts multiple JSON strings using format strings with user-controlled data. This means that an attacker may be...

7.5 CVSS | 9.7 AI score | 0.00631 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Github Security Blog
added 2023/02/08 10:38 p.m. | views: 54

@sideway/formula contains Regular Expression Denial of Service (ReDoS) Vulnerability

Impact User-provided strings to formula's parser might lead to polynomial execution time. Patches Users should upgrade to 3.0.1+. Workarounds None...

6.5 CVSS | 6.4 AI score | 0.00611 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
CNNVD
added 2023/02/08 12:0 a.m. | views: 4

formula security vulnerability

formula is a math and string arithmetic library open-sourced by hapi.js. A security vulnerability exists in formula versions prior to 3.0.1, which stems from the fact that carefully crafted string input to the formula parser may result in polynomial execution time and denial of service...

6.5 CVSS | 7.1 AI score | 0.00611 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2023/01/31 1:18 p.m. | views: 5

nodejs-moment: Regular expression denial of service

The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055...

7.5 CVSS | 7.3 AI score | 0.03673 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2023/01/31 1:12 p.m. | views: 6

nodejs-moment: Regular expression denial of service

The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055...

7.5 CVSS | 7.3 AI score | 0.03673 EPSS
Exploits: 0 | References: 4
OpenVAS
added 2023/01/31 12:0 a.m. | views: 26

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2023-1281)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS | 7.7 AI score | 0.95764 EPSS
Exploits: 8 | References: 2
Debian
added 2023/01/30 10:1 p.m. | views: 38

[SECURITY] [DLA 3299-1] node-qs security update

Debian LTS Advisory DLA-3299-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin January 30, 2023 https://wiki.debian.org/LTS Package : node-qs Version : 6.5.2-1+deb10u1 CVE ID : CVE-2022-24999 Nathanael Braun and Johan Brissaud discovered a prototype poisoning...

7.5 CVSS | 7.1 AI score | 0.14663 EPSS
Exploits: 2
Tenable Nessus
added 2023/01/24 12:0 a.m. | views: 30

Amazon Linux 2 : unzip (ALAS-2023-1906)

The version of unzip installed on the remote host is prior to 6.0-57. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1906 advisory. A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null...

5.5 CVSS | 6.1 AI score | 0.02421 EPSS
Exploits: 3 | References: 7
BDU FSTEC
added 2023/01/23 12:0 a.m. | views: 2

The vulnerability in the `convert_strings` function of the `tinfo/read_entry.c` component in the input/output library for the Ncurses terminal control module allows a hacker to access confidential data and also trigger a service denial.

The vulnerability of the convertstrings function in the tinfo/readentry.c component of the input/output library for the Ncurses terminal control module is related to reading data beyond the allowed buffer limits. Exploiting this vulnerability allows an attacker to access confidential data and als...

7.1 CVSS | 6.8 AI score | 0.01297 EPSS
Exploits: 1 | References: 16 | Affected Software: 9
IBM Security Bulletins
added 2023/01/12 9:59 p.m. | views: 49

Security Bulletin: OpenSSL Vulnerability Affects Watson Speech Services

Summary A Redhat OpenSSL Vulnerability affecting Watson Speech Services has been fixed in the latest version of IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.3 Vulnerability Details CVEID:CVE-2021-3712 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive...

7.4 CVSS | 7.5 AI score | 0.50445 EPSS
Exploits: 0 | Affected Software: 1
OpenVAS
added 2023/01/12 12:0 a.m. | views: 18

Huawei EulerOS: Security Advisory for unzip (EulerOS-SA-2023-1157)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

3.3 CVSS | 4.1 AI score | 0.0057 EPSS
Exploits: 1 | References: 2
OpenVAS
added 2023/01/12 12:0 a.m. | views: 11

Huawei EulerOS: Security Advisory for unzip (EulerOS-SA-2023-1237)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

3.3 CVSS | 4.1 AI score | 0.0057 EPSS
Exploits: 1 | References: 2