344 matches found
Huawei EulerOS: Security Advisory for shadow (EulerOS-SA-2023-2549)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP9 : shadow (EulerOS-SA-2023-2323)
According to the versions of the shadow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although it is not...
Improper Input Validation
github.com/mattermost/mattermost-server is vulnerable to Improper Input Validation. The vulnerability exists due to not properly validating the Unicode characters in the domain name, which allows an attacker to bypass the domain denylist for link previews by sharing links with Unicode-confusable...
Code injection
Minio Console is the UI for MinIO Object Storage. Unicode RIGHT-TO-LEFT OVERRIDE characters can be used to mask the original filename. This issue has been patched in version 0.28.0...
Design/Logic Flaw
In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although it is not possible to exploit this directly e.g., adding a new user fails because \n is in the block list, it is possible to misrepresent the /etc/passwd file when...
CVE-2023-29383
In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although it is not possible to exploit this directly e.g., adding a new user fails because \n is in the block list, it is possible to misrepresent the /etc/passwd file when...
CVE-2023-29383
In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although it is not possible to exploit this directly e.g., adding a new user fails because \n is in the block list, it is possible to misrepresent the /etc/passwd file when...
CVE-2021-20223
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
[SECURITY] Fedora 36 Update: chafa-1.8.0-4.fc36
Chafa is a command-line utility that converts all kinds of images, including animated image formats like GIFs, into ANSI/Unicode character output that can be displayed in a terminal. It is highly configurable, with support for alpha transparency and multiple color modes and color spaces, combinin...
GitLab 0.8.0 < 14.2.6 / 14.3 < 14.3.4 / 14.4 < 14.4.1 (CVE-2021-39908)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 certain Unicode characters can be...
SUSE-SU-2022:0942-2 Security update for python3
This update for python3 fixes the following issues: - CVE-2021-3572: Fixed an improper handling of unicode characters in pip bsc1186819...
Code injection
In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code...
Security update for python (moderate)
openSUSE Security Update: Security update for python Announcement ID: openSUSE-SU-2022:1091-1 Rating: moderate References: 1175619 1186819 1194146 1195396 Cross-References: CVE-2021-3572 CVE-2021-4189 CVE-2022-0391 CVSS scores: CVE-2021-3572 SUSE: 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N...
SUSE: Security Advisory (SUSE-SU-2022:1044-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Moderate: Red Hat Security Advisory: llvm-toolset:rhel8 security update
An update for the llvm-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: llvm-toolset:rhel8 security update
LLVM Toolset provides the LLVM compiler infrastructure framework, the Clang compiler for the C and C++ languages, the LLDB debugger, and related tools for code analysis. Security Fixes: Developer environment: Unicode's bidirectional BiDi override characters can cause trojan source attacks...
RLSA-2021:4743 Moderate: llvm-toolset:rhel8 security update
LLVM Toolset provides the LLVM compiler infrastructure framework, the Clang compiler for the C and C++ languages, the LLDB debugger, and related tools for code analysis. Security Fixes: Developer environment: Unicode's bidirectional BiDi override characters can cause trojan source attacks...
gcc-toolset-10-binutils security update
2.35-8.6 - Add ability to control the display of unicode characters. 2009176...
binutils security update
2.30-108.0.2.1 - Forward-port Oracle patches from 2.30-108.0.2 to 2.30-108.0.2.1 - Reviewed-by: Jose E. Marchesi 2.30-108.0.2 - Forward-port the following update: Thu Oct 07 2021 Nick Alcock - 2.30-93.0.4 - Backport fix for fencepost bug in CTF pptrtab usage causing coredumps - Backport test resu...
gcc-toolset-11-binutils security update
2.36.1-1.0.1.1 - Forward port Oracle patches from 2.36.1-1.0.1 - Reviewed-by: Jose E. Marchesi 2.36.1-1.1 - Add ability to control the display of unicode characters. 2009172...