50 matches found
PT-2026-31820
Name of the Vulnerable Software and Affected Versions: Zod jsVideoUrlParser versions up to 0.5.1. Description: A weakness exists in Zod jsVideoUrlParser up to version 0.5.1. The issue is related to inefficient regular expression complexity caused by manipulation of the timestamp argument within the...
EUVD-2022-28532
Malicious code in bioql PyPI...
CVE-2023-45827 Prototype Pollution vulnerability in @clickbar/dot-diver
Dot diver is a lightweight, powerful, and dependency-free TypeScript utility library that provides types and functions to work with object paths in dot notation. In versions prior to 1.0.2 there is a Prototype Pollution vulnerability in the setByPath function which can lead to remote code...
[SECURITY] [DLA 3332-1] apr-util security update
Debian LTS Advisory DLA-3332-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk February 21, 2023 https://wiki.debian.org/LTS -...
SUSE CVE-2009-1955
The expat XML parser in the apr_xml interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nest...
CVE-2021-32821
CVE-2021-32821 affects MooTools (JavaScript utilities). The issue is a vulnerability in MooTools’ CSS selector parser, where a crafted CSS selector can trigger a Regular Expression Denial of Service (ReDoS) at runtime. Exploitation requires injecting a string into a selector (e.g., via runtime qu...
Design/Logic Flaw
Lancet is a general utility library for the Go programming language. Affected versions are subject to a ZipSlip issue when using the fileutil package to unzip files. This issue has been addressed and a fix will be included in versions 2.1.10 and 1.3.4. Users are advised to upgrade. There are no...
CVE-2022-41920 Zip slip in Lancet
Lancet is a general utility library for the Go programming language. Affected versions are subject to a ZipSlip issue when using the fileutil package to unzip files. This issue has been addressed and a fix will be included in versions 2.1.10 and 1.3.4. Users are advised to upgrade. There are no...
CVE-2022-41920
Lancet’s Go library (github.com/duke-git/lancet) contains a ZipSlip vulnerability in the fileutil UnZip path when unzipping archives. Affected versions are vulnerable; the issue is addressed with fixes in Lancet v2.1.10 and v1.3.4. Upgrading to these versions or newer is advised. No explicit work...
Lodash command injection vulnerability
Lodash is an open source JavaScript utility library. A command injection vulnerability exists in Lodash 4.17.21, which can be exploited by attackers to execute arbitrary code via a template function...
[SECURITY] Fedora 33 Update: nodejs-underscore-1.13.1-1.fc33
Underscore.js is a utility-belt library for JavaScript that provides support for the usual functional suspects (each, map, reduce, filter...) without extending any core JavaScript objects...
Unspecified vulnerability in 101 applications (CNVD-2021-47376)
101 is an application program that provides a JS util library. A security vulnerability exists in 101 versions 1.0.0 through 1.6.3, which can be exploited by an attacker to cause a denial of service and potentially lead to remote code execution...
Unspecified vulnerability in 101 applications
101 is an application program that provides a JS util library. A security vulnerability exists in 101 versions 1.0.0 through 1.6.3, which can be exploited by an attacker to cause a denial of service and potentially lead to remote code execution...
[SECURITY] Fedora 23 Update: rubygem-activesupport-4.2.3-3.fc23
Utility library which carries commonly used classes and goodies from the Rails framework...
[SECURITY] Fedora 22 Update: rubygem-activesupport-4.2.0-4.fc22
Utility library which carries commonly used classes and goodies from the Rails framework...
Gentoo Security Advisory GLSA 201405-24
Gentoo Linux Local Security Checks GLSA 201405-24. SPDX-FileCopyrightText: 2015 Eero Volotinen. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later if(description)...
[SECURITY] Fedora 22 Update: rubygem-activesupport-4.2.0-2.fc22
Utility library which carries commonly used classes and goodies from the Rails framework...
Trove: potential leak of passwords into log files
The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log...
DEBIAN-CVE-2014-7231
The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log...
CVE-2014-7231
OpenStack Oslo utility library issue CVE-2014-7231 affects Cinder, Nova, and Trove before versions 2013.2.4 and 2014.1 before 2014.1.3. The strutils.mask_password() function did not properly mask passwords in command logs, enabling a local user with read access to logs to retrieve passwords. Reme...