3357 matches found
SUSE CVE-2024-42330
The HttpRequest object allows getting the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows creating internal strings that...
SUSE CVE-2024-53899
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an incorrect call to the BPF_LINK_TYPE macro to register a link type, which can lead to out-of-bounds access...
GHSA-RQC4-2HC7-8C8V virtualenv allows command injection through activation scripts for a virtual environment
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287...
PYSEC-2024-187
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287...
AZL-53645 CVE-2024-53899 affecting package python-virtualenv for versions less than 20.26.6-1
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287...
UBUNTU-CVE-2024-53899
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287...
CVE-2024-53899
CVE-2024-53899 affects python-virtualenv: versions older than 20.26.6-1 are vulnerable to command injection via activation scripts due to unquoted/magic template strings during activation. The issue is remedied in newer packages (≥ 20.26.6-1); upgrade to the patched release to mitigate. Connected...
CVE-2024-53899
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287...
CVE-2024-53899
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a problem with flexspi compatibility strings. No details of the vulnerability are provided at this time...
python-django: Potential denial-of-service in django.utils.translation.get_supported_language_variant()
A vulnerability was found in Python-Django in the get_supported_language_variant() function. The issue triggers when parsing very long strings that include a specific set of characters, leading to a potential denial of service attack...
kernel: x86/xen: Fix memory leak in xen_smp_intr_init{_pv}()
A memory leak was found in the Linux kernel's Xen SMP interrupt initialization functions for x86 architectures. When interrupt handler binding fails during setup, the error path frees various resources but neglects to free dynamically allocated interrupt name strings created via kasprintf. This...
CVE-2024-50340 Ability to change environment from query in symfony/runtime
symfony/runtime is a module for the Symfony PHP framework which enables decoupling PHP applications from global state. When the register_argc_argv php directive is set to on, and users call any URL with a specially crafted query string, they are able to change the environment or debug mode used by...
OPENSUSE-SU-2024:0351-1 Security update for python-mysql-connector-python
This update for python-mysql-connector-python fixes the following issues: - Update to 9.1.0 (boo#1231740, CVE-2024-21272) - WL16452: Bundle all installable authentication plugins when building the C-extension - WL16444: Drop build support for DEB packages - WL16442: Upgrade gssapi version to 1.8.3 -...
CVE-2024-9147
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Bna Informatics PosPratik allows XSS Through HTTP Query Strings. This issue affects PosPratik: before v3.2.1...
CVE-2024-9147
Summary: CVE-2024-9147 concerns a Basic XSS in Bna Informatics PosPratik prior to v3.2.1 due to improper neutralization of script-related HTML tags in HTTP query strings. Affected product/version: PosPratik pre-3.2.1. Root cause: insufficient sanitization of user-supplied input in query strings l...