CVE-2021-43823

Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.33.2 is vulnerable to a side-channel attack where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects the Saved Searches and Code Monitoring features. A...

CVE-2021-43823 Side-channel attack in Sourcegraph

Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.33.2 is vulnerable to a side-channel attack where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects the Saved Searches and Code Monitoring features. A...

CVE-2021-29116 BUG-000142180 Hosted feature services vulnerable to stored XSS

A stored Cross Site Scripting XSS vulnerability in Esri ArcGIS Server feature services versions 10.8.1 and 10.9 only feature services may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary...

Cross-site Scripting (XSS)

ckan is vulnerable to cross-site scripting. The library does not properly sanitize input strings, allowing an attacker to inject and execute malicious javascript via SVG file...

openssl: Read buffer overruns processing ASN.1 strings

It was found that openssl assumed ASN.1 strings to be NUL terminated. A malicious actor may be able to force an application into calling openssl function with a specially crafted, non-NUL terminated string to deliberately hit this bug, which may result in a crash of the application, causing a...

openssl: Read buffer overruns processing ASN.1 strings

It was found that openssl assumed ASN.1 strings to be NUL terminated. A malicious actor may be able to force an application into calling openssl function with a specially crafted, non-NUL terminated string to deliberately hit this bug, which may result in a crash of the application, causing a...

CVE-2021-3769

Vulnerability in pygmalion, pygmalion-virtualenv and refined themes Description: these themes use print -P on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if the branch has a specially-crafted name the vulnerability...

Spring AMQP 代码问题漏洞

Spring AMQP is the application of core Spring concepts to the development of AMQP-based messaging solutions. A security vulnerability exists in Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, which stems from the Spring AMQP Message object in its toString method, which will create a new...

Business-Dna Solution GmbH TopEase 资源管理错误漏洞

Business-Dna Solution GmbH TopEase is a "transformation risk" solution from the Swiss company Business-Dna Solution GmbH. Business-Dna Solution GmbH TopEase is vulnerable to an input validation error that could be exploited to insert arbitrarily long strings and eventually exhaust the underlying...

Emoji-Button Cross-Site Scripting Vulnerability

Emoji-Button is a native JavaScript emoji selector. emoji-Button is vulnerable to a cross-site scripting vulnerability that stems from the lack of effective filtering and validation of URLs and i18n strings in the software for custom emoji, which could be exploited by an attacker to craft an inpu...

Emoji-Button 跨站脚本漏洞

Emoji-Button is a native JavaScript emoji selector. emoji-Button is vulnerable to a cross-site scripting vulnerability that stems from the lack of effective filtering and validation of URLs and i18n strings in the software for custom emoji, which could be exploited by an attacker to craft an inpu...

Whispers - Identify Hardcoded Secrets In Static Structured Text

"My little birds are everywhere, even in the North, they whisper to me the strangest stories." - Lord Varys Whispers is a static code analysis tool designed for parsing various common data formats in search of hardcoded credentials and dangerous functions. Whispers can run in the CLI or you can...

ZOHO ManageEngine Remote Access Plus Information Disclosure Vulnerability

ZOHO ManageEngine Remote Access Plus is a remote access solution from ZOHO, Inc. An information disclosure vulnerability exists in ZOHO ManageEngine Remote Access Plus Server prior to version 10.1.2132.6, which stems from a privilege management Improperly managed, the process will start as a...

CVE-2021-42956

Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability. Due to improper privilege management, the process launches as the logged in user, so memory dump can be done by non-admin also. Remotely, an attacker can dum...

ZOHO ManageEngine Remote Access Plus 安全漏洞

ZOHO ManageEngine Remote Access Plus is a remote access solution from ZOHO, Inc. An information disclosure vulnerability exists in ZOHO ManageEngine Remote Access Plus Server prior to version 10.1.2132.6, which stems from a privilege management Improperly managed, the process will start as a...

Huawei EulerOS: Security Advisory for openssl111d (EulerOS-SA-2021-2668)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP5 : openssl (EulerOS-SA-2021-2666)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field...

EulerOS 2.0 SP5 : openssl098e (EulerOS-SA-2021-2667)

According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a fie...

openssl: Read buffer overruns processing ASN.1 strings

It was found that openssl assumed ASN.1 strings to be NUL terminated. A malicious actor may be able to force an application into calling openssl function with a specially crafted, non-NUL terminated string to deliberately hit this bug, which may result in a crash of the application, causing a...

openssl: Read buffer overruns processing ASN.1 strings

It was found that openssl assumed ASN.1 strings to be NUL terminated. A malicious actor may be able to force an application into calling openssl function with a specially crafted, non-NUL terminated string to deliberately hit this bug, which may result in a crash of the application, causing a...