1182 matches found
golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
A denial of service vulnerability was found in the golang.org/x/text library. A library or application must use one of the vulnerable functions, such as unicode.Transform, transform.String, or transform.Byte, to be susceptible to this vulnerability. If an attacker is able to supply specific...
Decoder++ - An Extensible Application For Penetration Testers And Software Developers To Decode/Encode Data Into Various Formats
An extensible application for penetration testers and software developers to decode/encode data into various formats. Setup Decoder++ can be either installed by using pip or by pulling the source from this repository: Install using pip pip3 install decoder-plus-plus Overview This section provides...
Cross-site Scripting (XSS)
Overview: scratch-svg-renderer is an SVG renderer for Scratch. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the transformMeasurements function. Detai...
Moderate: Red Hat Security Advisory: libsrtp security and bug fix update
An update for libsrtp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
OpenJDK: Incomplete bounds checks in Affine Transformations (2D, 8240119)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: 2D. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
CVE-2020-14040
The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to...
Loop with Unreachable Exit Condition (Infinite Loop)
The x/text package for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an...
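The failure mode in the two entries above is a decoder that, handed a single byte while expecting a two-byte BOM, neither consumes it nor reports an error, so the caller keeps invoking it with the same input. The following is an added illustration in Python, not golang.org/x/text code: a hypothetical one-call UTF-16 decoder in the (consumed, output, error) shape of a transform.Transformer, with a switch that reproduces the no-progress pattern, and the caller loop with the progress check that turns a would-be infinite loop into an error.

```python
"""Added illustration, not golang.org/x/text code: a one-call UTF-16 decoder
in the (consumed, output, error) shape of a transform.Transformer, and the
caller loop that must not spin when the decoder makes no progress."""

ERR_SHORT_SRC = "short source: need more input"
ERR_MISSING_BOM = "missing byte order mark"


# Hypothetical stand-in for a UTF-16 decoder created with an ExpectBOM policy.
def utf16_transform(src: bytes, at_eof: bool, strict_eof: bool = True):
    """Return (bytes_consumed, decoded_text, error_or_None).

    strict_eof=False models the failure mode in the advisory: a lone byte at
    EOF is neither consumed nor reported as an error, so the caller loops.
    """
    if len(src) < 2:
        if not at_eof:
            return 0, "", ERR_SHORT_SRC        # wait for the rest of the BOM
        if strict_eof:
            return 0, "", ERR_MISSING_BOM      # fixed shape: fail loudly
        return 0, "", None                      # buggy shape: no progress, no error
    bom, body = src[:2], src[2:]
    if bom == b"\xff\xfe":
        enc = "utf-16-le"
    elif bom == b"\xfe\xff":
        enc = "utf-16-be"
    else:
        return 0, "", ERR_MISSING_BOM
    usable = len(body) - len(body) % 2          # whole 16-bit code units only
    text = body[:usable].decode(enc, errors="replace")
    consumed = 2 + usable
    if usable < len(body):
        if not at_eof:
            return consumed, text, ERR_SHORT_SRC
        text += "\ufffd"                        # dangling byte at EOF -> U+FFFD
        consumed = len(src)
    return consumed, text, None


def decode_string(src: bytes, strict_eof: bool = True) -> str:
    """Drive utf16_transform over a complete buffer, like a String() helper.

    The progress check is the caller-side defence: a transformer that
    consumes nothing and emits nothing while input remains would otherwise
    be called again with the same input, forever.
    """
    out = []
    while src:
        n, text, err = utf16_transform(src, at_eof=True, strict_eof=strict_eof)
        if err is not None:
            raise ValueError(err)
        if n == 0 and not text:
            raise RuntimeError("transformer made no progress on %r" % src)
        out.append(text)
        src = src[n:]
    return "".join(out)


def raises(fn, exc_type) -> bool:
    """Helper so failure paths can be checked without try/except at call sites."""
    try:
        fn()
    except exc_type:
        return True
    return False


if __name__ == "__main__":
    print(decode_string(b"\xff\xfeh\x00i\x00"))
    print(raises(lambda: decode_string(b"\xff"), ValueError))
    print(raises(lambda: decode_string(b"\xff", strict_eof=False), RuntimeError))
```

Both defences are worth having: the decoder should refuse a lone byte at EOF explicitly, and any generic driver loop should treat "consumed nothing, produced nothing, no error" as a bug rather than retrying.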
CVE-2020-12889
MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across users in a remote-transform use case...
Design/Logic Flaw
MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across users in a remote-transform use case...
PYSEC-2020-66
MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across users in a remote-transform use case...
CVE-2020-12889
The CVE-2020-12889 entry concerns MISP-maltego 1.4.4, where the MISP connection is incorrectly shared across users during a remote-transform use case. The issue implies a faulty isolation mechanism between user sessions, allowing cross-user access to the MISP connection. Remediation is noted as a...
EulerOS Virtualization for ARM 64 3.0.5.0 : libxslt (EulerOS-SA-2020-1050)
According to the versions of the libxslt packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the...
DEBIAN-CVE-2019-19844
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address that is equal to an existing user's email address after case transformation of Unicode characters would allow an attacker to be sent a password reset token for the matched user...
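The entry above turns on a case-insensitive email lookup: when the database evaluates it by upper-casing both sides, a non-ASCII character that upper-cases to an ASCII letter (U+0131, dotless i, becomes "I") makes an attacker-chosen address match the victim's row, and the reset token is mailed to the address the attacker submitted. The following is an added illustration, not Django's own code: Python's str.upper() stands in for the database's UPPER(), the account table is constructed, and unicode_ci_compare has the NFKC-normalize-then-casefold shape that Django's fix adopted for the Python-side re-check.

```python
"""Added illustration, not Django's own code: how a case-insensitive email
lookup implemented by upper-casing both sides can match a victim's address
against an attacker-chosen one, and the normalize-then-casefold re-check
that closes the gap."""
import unicodedata

# Constructed sample account table for the illustration: email -> username.
USERS = {
    "mike@example.org": "mike",
    "sue@example.org": "sue",
}


def naive_iexact_users(submitted: str) -> list:
    """Stand-in for an `email__iexact` lookup that the database evaluates as
    UPPER(email) = UPPER(submitted). str.upper() is an assumption standing in
    for the database's case mapping; U+0131 (dotless i) upper-cases to 'I'."""
    return [name for email, name in USERS.items()
            if email.upper() == submitted.upper()]


def unicode_ci_compare(s1: str, s2: str) -> bool:
    """NFKC-normalize, then casefold, then compare (UTR 36 section 2.11.2):
    the shape of the comparison Django's fix added."""
    return (unicodedata.normalize("NFKC", s1).casefold()
            == unicodedata.normalize("NFKC", s2).casefold())


def hardened_users(submitted: str) -> list:
    """Keep the cheap database pre-filter, then drop any candidate whose
    stored address does not also pass the Python-side comparison."""
    return [name for email, name in USERS.items()
            if email.upper() == submitted.upper()
            and unicode_ci_compare(email, submitted)]


def reset_recipient(submitted: str, lookup):
    """Who receives the reset token: the *submitted* address if the lookup
    found a user, which is why a lookup collision is an account takeover."""
    return submitted if lookup(submitted) else None


if __name__ == "__main__":
    attacker = "m\u0131ke@example.org"   # dotless i in place of 'i'
    print(naive_iexact_users(attacker))   # victim matched
    print(hardened_users(attacker))       # collision rejected
    print(hardened_users("MIKE@Example.ORG"))  # ordinary case variation still works
```

The pre-filter stays in the database for cost; the security decision is made in application code with a comparison whose rules are known and identical on every backend.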
Unspecified Vulnerability in Apache Struts2
Apache Struts is an open source MVC framework from the Apache Software Foundation (United States) for building enterprise-class Java web applications; it is shipped in two major versions, Struts 1 and Struts 2. There is a security...
PT-2019-6390 · Libjpeg Turbo +9 · Libjpeg-Turbo +9
Vulnerable software and affected versions: Libjpeg-turbo, affected versions not specified. Description: the issue is a stack-based buffer overflow in the transform component of Libjpeg-turbo. A remote attacker can exploit it by sending a malformed JPEG file,...
Xpdf buffer overflow vulnerability (CNVD-2019-31202)
Xpdf is an open source PDF reader from Foo Labs. It supports decoding LZW-compressed files and reading encrypted PDF files. A buffer overflow vulnerability exists in IdentityFunction::transform in Function.cc in Xpdf version 4.01.01, which an attacker can exploit...