44 matches found

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2019-4150

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.00468
Exploits: 1 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2007-3561

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.00333
Exploits: 0 | References: 6

Tenable Nessus
added 2025/09/10 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-1919

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Incorrect bounds calculations in substr_compare could lead to an out-of-bounds read when the second string argument passed in is longer than the first. This issu...

CVSS 7.5 | AI score 7.3 | EPSS 0.00361
Exploits: 0 | References: 2

OSV
added 2024/09/09 12:4 p.m. | 12 views

OPENSUSE-SU-2024:0294-1 Security update for kanidm

This update for kanidm fixes the following issues: - kanidm version 1.3.3git0.f075d13: Release 1.3.3 Mail substr index 2981...

CVSS 8.1 | AI score 8 | EPSS 0.10404
Exploits: 2 | References: 8

Snyk
added 2024/04/26 10:19 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the substr parameter, which is output in the metrics.erb view of the Web UI without encoding. This reflected cross-site scripting attack can target users of the victim application or others hosted on the sam...

CVSS 6.5 | AI score 5.2 | EPSS 0.00365
Exploits: 0 | References: 2

OSV
added 2024/04/26 9:15 p.m. | 0 views

UBUNTU-CVE-2024-32887

Sidekiq is simple, efficient background processing for Ruby. Sidekiq has a reflected XSS vulnerability. The value of the substr parameter is reflected in the response without any encoding, allowing an attacker to inject JavaScript code into the response of the application. An attacker could exploit it t...

CVSS 5.5 | AI score 5.8 | EPSS 0.00365
Exploits: 0 | References: 5

OSV
added 2024/04/26 9:2 p.m. | 14 views

CVE-2024-32887 Reflected XSS in sidekiq

Sidekiq is simple, efficient background processing for Ruby. Sidekiq has a reflected XSS vulnerability. The value of the substr parameter is reflected in the response without any encoding, allowing an attacker to inject JavaScript code into the response of the application. An attacker could exploit it t...

CVSS 5.5 | AI score 5.3 | EPSS 0.00365
Exploits: 0 | References: 5

CVE
added 2024/04/26 9:2 p.m. | 48 views

CVE-2024-32887

CVE-2024-32887 is a reflected XSS in Sidekiq’s Web UI where the substr parameter is echoed without encoding, enabling injection of JavaScript into responses and potential targeting of users of Sidekiq Web UI and other applications on the same domain. Affected component: Sidekiq Web UI (Ruby). Roo...

CVSS 5.5 | AI score 5.8 | EPSS 0.00365
Exploits: 0 | References: 3

RubySec
added 2024/04/26 12:0 a.m. | 12 views

Reflected XSS in Metrics Web Page

Reflected XSS in Sidekiq Web UI via the /metrics HTTP end-point and the substr query param: https://host/sidekiq/metrics?substr=foot%22%3E%3Cscript%20src=%22payload%22%20/%3E...

CVSS 5.5 | AI score 6.2 | EPSS 0.00365
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2024/04/16 4:15 p.m. | 1 views

UBUNTU-CVE-2024-3855

In certain cases the JIT incorrectly optimized MSubstr operations, which led to out-of-bounds reads. This vulnerability affects Firefox 125...

CVSS 6.5 | AI score 7.3 | EPSS 0.00165
Exploits: 0 | References: 4

SUSE CVE
added 2023/02/15 6:12 a.m. | 1 views

SUSE CVE-2007-1375

Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991...

CVSS 5 | AI score 7.2 | EPSS 0.17117
Exploits: 1 | References: 5

SUSE CVE
added 2023/02/15 6:10 a.m. | 2 views

SUSE CVE-2007-4783

The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a...

CVSS 5 | AI score 7.7 | EPSS 0.0142
Exploits: 0 | References: 4

SUSE CVE
added 2023/02/15 5:58 a.m. | 0 views

SUSE CVE-2010-2097

The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by...

CVSS 5 | AI score 6.7 | EPSS 0.00571
Exploits: 1 | References: 5

SUSE CVE
added 2023/02/15 5:53 a.m. | 1 views

SUSE CVE-2011-1148

Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments...

CVSS 7.5 | AI score 7.4 | EPSS 0.02455
Exploits: 1 | References: 3

SUSE CVE
added 2023/02/15 5:44 a.m. | 2 views

SUSE CVE-2012-4465

Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via an empty username in the "Author" field in a commit...

CVSS 6.5 | AI score 8 | EPSS 0.03459
Exploits: 0 | References: 5

SUSE CVE
added 2023/02/15 4:35 a.m. | 1 views

SUSE CVE-2017-18264

An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no...

CVSS 9.8 | AI score 9.5 | EPSS 0.00305
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 3:42 a.m. | 1 views

SUSE CVE-2021-29617

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via CHECK-fail in tf.strings.substr with invalid arguments. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3,...

CVSS 5.5 | AI score 5.5 | EPSS 0.0002
Exploits: 1 | References: 3

OSV
added 2022/05/13 1:44 a.m. | 26 views

GHSA-5868-G58J-VRJ5 phpMyAdmin Improper Privilege Management

An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no...

CVSS 9.8 | AI score 9.4 | EPSS 0.00305
Exploits: 0 | References: 5

Github Security Blog
added 2022/05/13 1:44 a.m. | 26 views

phpMyAdmin Improper Privilege Management

An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no...

CVSS 9.8 | AI score 7.3 | EPSS 0.00305
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2021/05/21 2:28 p.m. | 0 views

GHSA-MMQ6-Q8R3-48FM Crash in `tf.strings.substr` due to `CHECK`-fail

Impact: An attacker can cause a denial of service via `CHECK`-fail in `tf.strings.substr` with invalid arguments: `import tensorflow as tf; tf.strings.substr(input='abc', len=1, pos=[1,-1])` `import tensorflow as tf; tf.strings.substr(input='abc', len=1, pos=[1,2])` Patches: We have received a patch fo...

CVSS 2.5 | AI score 5.8 | EPSS 0.0002
Exploits: 1 | References: 9