GO-2022-0411 Insufficient randomness in github.com/Masterminds/goutils
Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by...
CVE-2022-32988
Cross Site Scripting XSS vulnerability in router Asus DSL-N14U-B1 1.1.2.3805 via the "list" parameters e.g. filterlwlist, keywordrulelist, etc in every ".asp" page containing a list of stored strings. The following asp files are affected: 1 cgi-bin/APPInstallation.asp, 2...
ASUS DSL-N14U-B1 Cross-Site Scripting Vulnerability
The ASUS DSL-N14U-B1 is a router device from Asus China. A security vulnerability exists in ASUS DSL-N14U-B1 1.1.2.3805 that originates from XSS triggered via the list parameter in each .asp page containing a list of stored strings...
validate-color Denial of Service Vulnerability (CNVD-2022-66398)
validate-color is a library for validating HTML colors by Norwegian developer Wallace Sidhrée. A denial of service vulnerability exists in validate-color version v2.1.0, which an attacker can exploit to cause a Regular Expression Denial of Service (ReDoS) because the library does not properly handle a crafte...
CVE-2021-40892
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in validate-color v2.1.0 when handling crafted invalid rgba strings...
Denial of service
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in validate-color v2.1.0 when handling crafted invalid rgba strings...
deep-get-set Security Vulnerability
deep-get-set is used to set and obtain values on objects via dotted strings. The deep-get-set package in all versions suffers from a prototype pollution vulnerability, which stems from uncontrolled modification of object prototype properties. An attacker could exploit...
MAL-2022-3440 Malicious code in gradient-strings (npm)
Source: ghsa-malware 85b41f21443655193e21b66bf003d6b42f6bad9f00cc324004094871ca932651. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
JerryScript Resource Management Error Vulnerability
JerryScript is a lightweight JavaScript engine from the JerryScript project. JerryScript version 2.4.0 is vulnerable to a memory-handling error that originates in ecma_compare_ecma_non_direct_strings in ecma-helpers-string.c:1940, where the code responsible for freeing memory is faulty. An...
CVE-2022-31753
The voice wakeup module has a vulnerability of using externally-controlled format strings. Successful exploitation of this vulnerability may affect system availability...
Format string
The voice wakeup module has a vulnerability of using externally-controlled format strings. Successful exploitation of this vulnerability may affect system availability...
CVE-2022-31753
The CVE-2022-31753 entry describes a vulnerability in the voice wakeup module where externally-controlled format strings can be exploited, potentially impacting system availability. Connected sources attribute the issue to Huawei/HarmonyOS implementations (notably HarmonyOS 2.0) and reiterate tha...
Command Injection
Nuitka is vulnerable to command injection. The vulnerability exists in the main function of main.py and allows an attacker who can set NUITKA_PYTHONPATH, NUITKA_NAMESPACES or NUITKA_PTH_IMPORTED to inject and execute malicious payload strings with the privileges of the running program...
Cisco IOS Software FXO Interface Destination Pattern Bypass (cisco-sa-fxo-pattern-bypass-jUXgygYv)
According to its self-reported version, Cisco IOS is affected by a vulnerability. A vulnerability in the Voice Telephony Service Provider VTSP service of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured destination patterns and dial...
USN-5315-1 ansible vulnerabilities
It was discovered that Ansible did not properly manage directory permissions when running playbooks with an unprivileged become user. A local attacker could possibly use this issue to cause a race condition, escalate privileges and execute arbitrary code. This issue only affected Ubuntu 16.04 ESM...
Moment.js: Path traversal in moment.locale
A path traversal vulnerability was found in Moment.js that impacts npm server users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity...