Lucene search
+L

344 matches found

OpenVAS
OpenVAS
added 2023/08/03 12:0 a.m.10 views

Huawei EulerOS: Security Advisory for shadow (EulerOS-SA-2023-2549)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

3.3CVSS4.3AI score0.00428EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/07/09 12:0 a.m.17 views

EulerOS 2.0 SP9 : shadow (EulerOS-SA-2023-2323)

According to the versions of the shadow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although it is not...

3.3CVSS6.5AI score0.00428EPSS
Exploits1References2
Veracode
Veracode
added 2023/06/13 7:17 a.m.19 views

Improper Input Validation

github.com/mattermost/mattermost-server is vulnerable to Improper Input Validation. The vulnerability exists due to not properly validating the Unicode characters in the domain name, which allows an attacker to bypass the domain denylist for link previews by sharing links with Unicode-confusable...

5.3CVSS6.8AI score0.00408EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2023/05/30 7:15 a.m.14 views

Code injection

Minio Console is the UI for MinIO Object Storage. Unicode RIGHT-TO-LEFT OVERRIDE characters can be used to mask the original filename. This issue has been patched in version 0.28.0...

5CVSS5.5AI score0.00648EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/04/14 10:15 p.m.16 views

Design/Logic Flaw

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although it is not possible to exploit this directly e.g., adding a new user fails because \n is in the block list, it is possible to misrepresent the /etc/passwd file when...

1.7CVSS4AI score0.00428EPSS
Exploits1References4Affected Software1
UbuntuCve
UbuntuCve
added 2023/04/14 10:15 p.m.51 views

CVE-2023-29383

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although it is not possible to exploit this directly e.g., adding a new user fails because \n is in the block list, it is possible to misrepresent the /etc/passwd file when...

3.3CVSS6.6AI score0.00428EPSS
Exploits1References4
OSV
OSV
added 2023/04/14 12:0 a.m.17 views

CVE-2023-29383

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although it is not possible to exploit this directly e.g., adding a new user fails because \n is in the block list, it is possible to misrepresent the /etc/passwd file when...

3.3CVSS4.3AI score0.00428EPSS
Exploits1References7
UbuntuCve
UbuntuCve
added 2022/08/25 8:15 p.m.37 views

CVE-2021-20223

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

7.2AI score
Exploits0References3
Fedora
Fedora
added 2022/05/16 1:9 a.m.36 views

[SECURITY] Fedora 36 Update: chafa-1.8.0-4.fc36

Chafa is a command-line utility that converts all kinds of images, including animated image formats like GIFs, into ANSI/Unicode character output that can be displayed in a terminal. It is highly configurable, with support for alpha transparency and multiple color modes and color spaces, combinin...

5.5CVSS5.5AI score0.00875EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2022/04/20 12:0 a.m.42 views

GitLab 0.8.0 < 14.2.6 / 14.3 < 14.3.4 / 14.4 < 14.4.1 (CVE-2021-39908)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 certain Unicode characters can be...

7.5CVSS7.4AI score0.0122EPSS
Exploits0References4
OSV
OSV
added 2022/04/19 7:26 p.m.6 views

SUSE-SU-2022:0942-2 Security update for python3

This update for python3 fixes the following issues: - CVE-2021-3572: Fixed an improper handling of unicode characters in pip bsc1186819...

5.7CVSS6AI score0.01687EPSS
Exploits2References3
Prion
Prion
added 2022/04/01 11:15 p.m.15 views

Code injection

In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code...

5CVSS7.4AI score0.0122EPSS
Exploits0References3Affected Software1
OPENSUSE Linux
OPENSUSE Linux
added 2022/04/01 12:0 a.m.64 views

Security update for python (moderate)

openSUSE Security Update: Security update for python Announcement ID: openSUSE-SU-2022:1091-1 Rating: moderate References: 1175619 1186819 1194146 1195396 Cross-References: CVE-2021-3572 CVE-2021-4189 CVE-2022-0391 CVSS scores: CVE-2021-3572 SUSE: 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N...

6.5CVSS8.1AI score0.08325EPSS
Exploits3References4
OpenVAS
OpenVAS
added 2022/03/31 12:0 a.m.24 views

SUSE: Security Advisory (SUSE-SU-2022:1044-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.7CVSS7.6AI score0.01687EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2021/11/18 5:49 p.m.684 views

Moderate: Red Hat Security Advisory: llvm-toolset:rhel8 security update

An update for the llvm-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.3CVSS7.1AI score0.12205EPSS
Exploits4References3
AlmaLinux
AlmaLinux
added 2021/11/18 4:29 p.m.56 views

Moderate: llvm-toolset:rhel8 security update

LLVM Toolset provides the LLVM compiler infrastructure framework, the Clang compiler for the C and C++ languages, the LLDB debugger, and related tools for code analysis. Security Fixes: Developer environment: Unicode's bidirectional BiDi override characters can cause trojan source attacks...

8.3CVSS8.7AI score0.12205EPSS
Exploits4References1
OSV
OSV
added 2021/11/18 4:29 p.m.23 views

RLSA-2021:4743 Moderate: llvm-toolset:rhel8 security update

LLVM Toolset provides the LLVM compiler infrastructure framework, the Clang compiler for the C and C++ languages, the LLDB debugger, and related tools for code analysis. Security Fixes: Developer environment: Unicode's bidirectional BiDi override characters can cause trojan source attacks...

8.5CVSS8AI score0.12205EPSS
Exploits4References2
Oracle linux
Oracle linux
added 2021/11/18 12:0 a.m.61 views

gcc-toolset-10-binutils security update

2.35-8.6 - Add ability to control the display of unicode characters. 2009176...

8.3CVSS8.6AI score0.12205EPSS
Exploits4
Oracle linux
Oracle linux
added 2021/11/18 12:0 a.m.66 views

binutils security update

2.30-108.0.2.1 - Forward-port Oracle patches from 2.30-108.0.2 to 2.30-108.0.2.1 - Reviewed-by: Jose E. Marchesi 2.30-108.0.2 - Forward-port the following update: Thu Oct 07 2021 Nick Alcock - 2.30-93.0.4 - Backport fix for fencepost bug in CTF pptrtab usage causing coredumps - Backport test resu...

8.3CVSS8.5AI score0.12205EPSS
Exploits4
Oracle linux
Oracle linux
added 2021/11/18 12:0 a.m.57 views

gcc-toolset-11-binutils security update

2.36.1-1.0.1.1 - Forward port Oracle patches from 2.36.1-1.0.1 - Reviewed-by: Jose E. Marchesi 2.36.1-1.1 - Add ability to control the display of unicode characters. 2009172...

8.3CVSS8.5AI score0.12205EPSS
Exploits4
Rows per page
Query Builder