914 matches found
eth_account security vulnerability
eth_account is an Ethereum account generator. A security vulnerability exists in versions of eth_account prior to 0.5.9, which an attacker can exploit to trigger an exponential ReDoS in the eth-account PyPI package by providing arbitrary input to the encode_structured_data method...
PT-2022-4437 · Pypi · Eth-Account
Name of the Vulnerable Software and Affected Versions: eth-account (affected versions not specified). Description: The issue is related to an exponential ReDoS (Regular Expression Denial of Service) that can be triggered in the eth-account PyPI package. This occurs when an attacker is able to supply...
Malicious code in hexie-encode (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9d480e2cc2e535605e7caaa7981e20f5ee3d64e5a0629c5196070869acc7e5a8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3617 Malicious code in hexie-encode (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9d480e2cc2e535605e7caaa7981e20f5ee3d64e5a0629c5196070869acc7e5a8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
UBUNTU-CVE-2022-36144
SWFMill commit 53d7690 was discovered to contain a heap-buffer overflow via base64encode...
mPDF 7.0 - Local File Inclusion Exploit
Exploit Title: mPDF 7.0 - Local File Inclusion Exploit Author: Musyoka Ian Vendor Homepage: https://mpdf.github.io/ Software Link: https://mpdf.github.io/ Version: CuteNews Tested on: Ubuntu 20.04, mPDF 7.0.x CVE: N/A !/usr/bin/env python3 from urllib.parse import quote from cmd import Cmd from...
Cross-site Scripting (XSS)
subhh/libconnect is vulnerable to cross-site scripting (XSS) attacks. The library does not properly encode user input in the displayParticipantsFormAction function, allowing an attacker to inject and execute malicious JavaScript on the target system...
brotkrueml/schema fails to properly encode user input for output in HTML context, leading to XSS
The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability...
GHSA-2QM5-R82G-5HCX ThinkAdmin directory traversal vulnerability
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrary files on a remote server via the GET request encode parameter...
ThinkAdmin directory traversal vulnerability
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrary files on a remote server via the GET request encode parameter...
new packages: perl-Encode-Locale
An update is available for perl-Encode-Locale. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
new packages: perl-Encode-Detect
An update is available for perl-Encode-Detect. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
new packages: perl-Encode
An update is available for perl-Encode. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
CVE-2022-28471
In ffjpeg commit hash caade60, the function bmp_load in bmp.c contains an integer overflow vulnerability, which eventually results in a heap overflow in jfif_encode in jfif.c. This is due to the incomplete patch for issue 38...
U.S. Dept Of Defense: RXSS on █████████
I found RXSS on https://███████/██████ Impact Perform any action within the application that the user can perform. View any information that the user is able to view. Modify any information that the user is able to modify. Initiate interactions with other application users, including malicious...
CVE-2021-41945
Encode OSS httpx < 0.23.0 is affected by improper input validation in httpx.URL, httpx.Client and some functions using httpx.URL.copy_with...
Input validation
Encode OSS httpx < 0.23.0 is affected by improper input validation in httpx.URL, httpx.Client and some functions using httpx.URL.copy_with...
PYSEC-2022-183
Encode OSS httpx =1.0.0.beta0 is affected by improper input validation in httpx.URL, httpx.Client and some functions using httpx.URL.copy_with...
CVE-2021-41945
CVE-2021-41945: Encode OSS httpx =0.22.0-2 for certain distributions; upstream fixes are in 0.23.0+), or apply vendor patches when available. Exploitation details are not provided in the documents; no in-the-wild exploit links are confirmed here. For organizations using affected versions, priorit...