
41 matches found

AstraLinux
added 2026/05/03 11:59 p.m. · 4 views

Astra Linux - vulnerability in nodejs

There is a vulnerability related to untrusted search paths in Node.js. Versions 19.6.1, 18.14.1, 16.19.1, and 14.21.3 may allow an attacker to search for data and potentially load ICU data when running with elevated privileges...

4.2 CVSS · 6.7 AI score · 0.00082 EPSS
Exploits: 0 · References: 2
AstraLinux
added 2026/05/03 11:59 p.m. · 0 views

Astra Linux - vulnerability in firefox, thunderbird

The concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a “use-after-free” condition, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...

6.5 CVSS · 7 AI score · 0.00159 EPSS
Exploits: 0 · References: 2
Fedora
added 2025/11/07 1:30 a.m. · 3 views

[SECURITY] Fedora 42 Update: fcitx5-chinese-addons-5.1.10-1.fc42

This provides pinyin and table input method support for fcitx5. Released under LGPL-2.1+. im/pinyin/emoji.txt is derived from Unicode CLDR with modification...

7 AI score
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2016-3063

Malware in sbrugna...

8.8 CVSS · 9.4 AI score · 0.00493 EPSS
Exploits: 0 · References: 31
CVE
added 2024/03/26 12:00 a.m. · 49 views

CVE-2017-20190

CVE-2017-20190 pertains to Microsoft Windows (Windows 8 through Windows 11) where processing multiple Unicode combining characters can cause temporary client-side performance degradation, a Zalgo text scenario. The core issue is described as a performance degradation during Unicode data processin...

6.8 AI score · 0.00096 EPSS
Exploits: 0 · References: 3
RedHat Linux
added 2023/05/09 11:51 a.m. · 1 views

Node.js: insecure loading of ICU data through ICU_DATA environment variable

An untrusted search path vulnerability exists in Node.js. 19.6.1, 18.14.1, 16.19.1, and 14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges...

4.2 CVSS · 7.2 AI score · 0.00082 EPSS
Exploits: 0 · References: 4
Positive Technologies
added 2023/04/04 12:00 a.m. · 3 views

PT-2023-21163 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9
Description: The issue concerns escalation of privileges when `failure_mode_allow: true` is configured for the `ext_authz` filter in Envoy, an open source edge and service proxy...

9.8 CVSS · 9.2 AI score · 0.00029 EPSS
Exploits: 1 · References: 13
SUSE CVE
added 2023/02/15 5:43 a.m. · 1 views

SUSE CVE-2012-6152

The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences...

5 CVSS · 6.8 AI score · 0.01147 EPSS
Exploits: 0 · References: 4
SUSE CVE
added 2023/02/15 5:06 a.m. · 1 views

SUSE CVE-2016-1974

The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTM...

8.8 CVSS · 7.8 AI score · 0.00493 EPSS
Exploits: 0 · References: 14
OSV
added 2022/12/22 8:15 p.m. · 1 views

DEBIAN-CVE-2022-40960

Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...

6.5 CVSS · 7.2 AI score · 0.00159 EPSS
Exploits: 0 · References: 1
OSV
added 2022/09/28 12:00 a.m. · 1 views

UBUNTU-CVE-2022-40960

Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...

6.5 CVSS · 6.9 AI score · 0.00159 EPSS
Exploits: 0 · References: 7
RedHat Linux
added 2022/09/26 3:20 p.m. · 1 views

Mozilla: Data-race when parsing non-UTF-8 URLs in threads

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that concurrent use of the URL parser with non-UTF-8 data was not thread-safe, leading to a use-after-free problem and causing a potentially exploitable crash...

6.5 CVSS · 7.3 AI score · 0.00159 EPSS
Exploits: 0 · References: 5
RedHat Linux
added 2022/09/26 3:15 p.m. · 1 views

Mozilla: Data-race when parsing non-UTF-8 URLs in threads

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that concurrent use of the URL parser with non-UTF-8 data was not thread-safe, leading to a use-after-free problem and causing a potentially exploitable crash...

6.5 CVSS · 7.3 AI score · 0.00159 EPSS
Exploits: 0 · References: 5
RedHat Linux
added 2022/09/26 2:54 p.m. · 1 views

Mozilla: Data-race when parsing non-UTF-8 URLs in threads

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that concurrent use of the URL parser with non-UTF-8 data was not thread-safe, leading to a use-after-free problem and causing a potentially exploitable crash...

6.5 CVSS · 7.3 AI score · 0.00159 EPSS
Exploits: 0 · References: 5
CNNVD
added 2022/09/20 12:00 a.m. · 1 views

Mozilla Firefox resource management error vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a memory misreference vulnerability that stems from concurrent use of the URL parser for non-UTF-8 data not being thread-safe. An attacker could exploit the vulnerability t...

6.5 CVSS · 9 AI score · 0.00159 EPSS
Exploits: 0 · References: 16
Github Security Blog
added 2022/05/24 5:44 p.m. · 20 views

StackStorm st2 Infinite Loop Condition

StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory and disk space. This can occur if Python 3.x is used, the locale is not utf-8, and there is an attempt to log Unicode data from an action or rule name...

7.5 CVSS · 6.8 AI score · 0.00668 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2021/03/18 3:15 a.m. · 12 views

CVE-2021-28667

StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory and disk space. This can occur if Python 3.x is used, the locale is not utf-8, and there is an attempt to log Unicode data from an action or rule name...

7.5 CVSS · 6.8 AI score
Exploits: 0 · References: 1
ATTACKERKB
added 2021/03/18 3:15 a.m. · 3 views

CVE-2021-28667

StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory and disk space. This can occur if Python 3.x is used, the locale is not utf-8, and there is an attempt to log Unicode data from an action or rule name...

7.5 CVSS · 5.4 AI score · 0.00668 EPSS
Exploits: 0 · References: 2
Prion
added 2021/03/18 3:15 a.m. · 12 views

Design/Logic Flaw

StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory and disk space. This can occur if Python 3.x is used, the locale is not utf-8, and there is an attempt to log Unicode data from an action or rule name...

7.1 CVSS · 7.5 AI score · 0.00668 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
CVE
added 2021/03/18 2:16 a.m. · 65 views

CVE-2021-28667

StackStorm before 3.4.1 is affected by an infinite-loop vulnerability that can consume all available memory and disk space when logging Unicode data if Python 3.x is used and the locale is not UTF-8. Root cause is an unbounded loop triggered during logging of Unicode data from actions or rules. I...

7.5 CVSS · 7.4 AI score · 0.00668 EPSS
Exploits: 0 · References: 1 · Affected Software: 1