
3357 matches found

Veracode
added 2023/01/11 4:24 a.m. · 22 views

Regular Expression Denial Of Service (ReDoS)

terminal-kit is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern used in multiple functions of the library, allowing an attacker to crash the application by providing a malicious string such as '^'.repeat(bigNumber)...

CVSS 7.5 · AI score 3.9 · EPSS 0.00938
Exploits: 0 · References: 5 · Affected Software: 1
Tenable Nessus
added 2023/01/11 12:0 a.m. · 27 views

EulerOS Virtualization 2.9.0 : unzip (EulerOS-SA-2023-1237)

According to the versions of the unzip package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer...

CVSS 3.3 · AI score 6.1 · EPSS 0.0057
Exploits: 1 · References: 2
Veracode
added 2023/01/10 7:40 a.m. · 30 views

Insufficient Entropy In Randomly-Generated Alphanumeric Strings

github.com/masterminds/goutils has insufficient entropy in randomly-generated alphanumeric strings. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9 which significantly reduces the amount of entropy in short strings...

CVSS 9.1 · AI score 3.7 · EPSS 0.01319
Exploits: 1 · References: 3 · Affected Software: 3
Tenable Nessus
added 2023/01/10 12:0 a.m. · 21 views

EulerOS Virtualization 2.9.1 : unzip (EulerOS-SA-2023-1207)

According to the versions of the unzip package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer...

CVSS 3.3 · AI score 6.1 · EPSS 0.0057
Exploits: 1 · References: 2
Tenable Nessus
added 2023/01/10 12:0 a.m. · 24 views

EulerOS Virtualization 2.10.1 : unzip (EulerOS-SA-2023-1157)

According to the versions of the unzip package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer...

CVSS 3.3 · AI score 6.1 · EPSS 0.0057
Exploits: 1 · References: 2
Tenable Nessus
added 2023/01/10 12:0 a.m. · 27 views

EulerOS Virtualization 2.10.0 : unzip (EulerOS-SA-2023-1178)

According to the versions of the unzip package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer...

CVSS 3.3 · AI score 6.1 · EPSS 0.0057
Exploits: 1 · References: 2
Veracode
added 2023/01/05 7:22 a.m. · 147 views

Prototype Pollution

json5 is vulnerable to prototype pollution. The vulnerability exists in the internalize function in parse.js due to not restricting keys named __proto__, which allows an attacker to inject specially crafted strings to pollute the prototype of the resulting object...

CVSS 8.8 · AI score 8.6 · EPSS 0.09304
Exploits: 1 · References: 9 · Affected Software: 7
Positive Technologies
added 2023/01/01 12:0 a.m. · 3 views

PT-2025-49725

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel's IIO subsystem, specifically within the ina2xx driver, related to a NULL pointer dereference during device tree matching. This occurs when the device...

AI score 6.6 · EPSS 0.00206
Exploits: 0
RedhatCVE
added 2022/12/28 11:35 a.m. · 40 views

CVE-2021-4238

A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This issue significantly reduces the amou...

CVSS 7 · AI score 1.7 · EPSS 0.01319
Exploits: 1 · References: 6
NVD
added 2022/12/27 10:15 p.m. · 24 views

CVE-2021-4238

Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by...

CVSS 9.1 · EPSS 0.01319
Exploits: 1 · References: 2
Cvelist
added 2022/12/27 9:13 p.m. · 47 views

CVE-2021-4238 Insufficient randomness in github.com/Masterminds/goutils

Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by...

AI score 9.3 · EPSS 0.01319
Exploits: 1 · References: 2
Vulnrichment
added 2022/12/27 9:13 p.m. · 8 views

CVE-2021-4238 Insufficient randomness in github.com/Masterminds/goutils

Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by...

AI score 9.2 · EPSS 0.01319
Exploits: 1 · References: 2
OSV
added 2022/12/22 8:15 p.m. · 3 views

DEBIAN-CVE-2022-45416

Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...

CVSS 6.5 · AI score 7.6 · EPSS 0.00672
Exploits: 0 · References: 1
OpenVAS
added 2022/12/22 12:0 a.m. · 13 views

Huawei EulerOS: Security Advisory for unzip (EulerOS-SA-2022-2860)

The remote host is missing an update for the Huawei EulerOS...

CVSS 3.3 · AI score 4.1 · EPSS 0.0057
Exploits: 1 · References: 2
OpenVAS
added 2022/12/22 12:0 a.m. · 17 views

Huawei EulerOS: Security Advisory for unzip (EulerOS-SA-2022-2834)

The remote host is missing an update for the Huawei EulerOS...

CVSS 3.3 · AI score 4.1 · EPSS 0.0057
Exploits: 1 · References: 2
Tenable Nessus
added 2022/12/21 12:0 a.m. · 29 views

EulerOS 2.0 SP10 : unzip (EulerOS-SA-2022-2834)

According to the versions of the unzip package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. Thi...

CVSS 3.3 · AI score 6.2 · EPSS 0.0057
Exploits: 1 · References: 2
Tenable Nessus
added 2022/12/21 12:0 a.m. · 25 views

EulerOS 2.0 SP10 : unzip (EulerOS-SA-2022-2860)

According to the versions of the unzip package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. Thi...

CVSS 3.3 · AI score 6.2 · EPSS 0.0057
Exploits: 1 · References: 2
Positive Technologies
added 2022/12/16 12:0 a.m. · 3 views

PT-2022-14745 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to a possible permission bypass in strings.xml due to a misleading string, which could lead to remote information disclosure of call logs without requiring additional execution...

CVSS 5.3 · AI score 5 · EPSS 0.00472
Exploits: 0 · References: 3
RedHat Linux
added 2022/12/13 4:8 p.m. · 3 views

Mozilla: Keystroke Side-Channel Leakage

The Mozilla Foundation Security Advisory describes this flaw as: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed...

CVSS 6.5 · AI score 7.3 · EPSS 0.00672
Exploits: 0 · References: 6
OSV
added 2022/12/12 6:15 p.m. · 1 view

CVE-2022-4311

An insertion of sensitive information into log file vulnerability exists in PcVue versions 15 through 15.2.2. This could allow a user with access to the log files to discover connection strings of data sources configured for the DbConnect, which could include credentials. Successful exploitation ...

CVSS 6.5 · AI score 5.8 · EPSS 0.00329
Exploits: 0 · References: 1