Lucene search
K

769 matches found

OpenVAS
OpenVAS
added 2021/12/15 12:0 a.m.9 views

SUSE: Security Advisory (SUSE-SU-2021:4063-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
GithubExploit
GithubExploit
added 2021/12/10 11:34 p.m.421 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Workaround for CVE-2021-44228 Log4j RCE exploit as a buildpa...

10CVSS9.6AI score0.99999EPSS
Exploits347
Kitploit
Kitploit
added 2021/11/14 11:30 a.m.36 views

ChopChop - ChopChop Is A CLI To Help Developers Scanning Endpoints And Identifying Exposition Of Sensitive Services/Files/Folders

ChopChop is a command-line tool for dynamic application security testing on web applications, initially written by the Michelin CERT. Its goal is to scan several endpoints and identify exposition of services/files/folders through the webroot. Checks/Signatures are declared in a config file by...

7.6AI score
Exploits0References9
RedHat Linux
RedHat Linux
added 2021/11/09 5:54 p.m.5 views

python-jinja2: ReDoS vulnerability in the urlize filter

A flaw was found in python-jinja2. The ReDOS vulnerability of the regex is mainly due to the sub-pattern a-zA-Z0-9.-+.a-zA-Z0-9.-+. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory...

5.3CVSS7.2AI score0.03546EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/11/09 5:42 p.m.4 views

python-jinja2: ReDoS vulnerability in the urlize filter

A flaw was found in python-jinja2. The ReDOS vulnerability of the regex is mainly due to the sub-pattern a-zA-Z0-9.-+.a-zA-Z0-9.-+. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory...

5.3CVSS7.2AI score0.03546EPSS
Exploits1References4
OSV
OSV
added 2021/11/09 8:37 a.m.29 views

ALSA-2021:4201 Moderate: babel security and bug fix update

Babel provides tools to build and work with gettext message catalogs, and a Python interface to the CLDR Common Locale Data Repository, providing access to various locale display names, localized number and date formatting, etc. Security Fixes: python-babel: Relative path traversal allows attacke...

7.8CVSS8.2AI score0.00716EPSS
Exploits1References3
Kitploit
Kitploit
added 2021/10/29 8:30 p.m.95 views

Scarce-Apache2 - A Framework For Bug Hunting Or Pentesting Targeting Websites That Have CVE-2021-41773 Vulnerability In Public

This tool can scan websites with CVE-2021-41773 Vulnerability that are affecting Apache2 Webserver, ScaRCE can run too for executing Remote Command Injections at the webservers that found from the scanning method Only if the MODCGI is Enabled at the targeted webserver. This tool works with the...

7.5CVSS9.5AI score0.99992EPSS
Exploits148References1
BDU FSTEC
BDU FSTEC
added 2021/10/27 12:0 a.m.4 views

The vulnerability of the server-based Redmine project and task management web application lies in its ability to read data beyond the allowed buffer size limits, allowing an attacker to compromise the integrity of the data.

The vulnerability of the server-based Redmine project and task management web application is related to incorrect data processing during the formatting of tasks. Exploiting this vulnerability allows an attacker to compromise the integrity of the data...

5.3CVSS5.9AI score0.00809EPSS
Exploits0References7Affected Software3
CNNVD
CNNVD
added 2021/10/15 12:0 a.m.6 views

Foxit PDF Editor 缓冲区错误漏洞

Foxit PDF Reader is a PDF reader from the Chinese company Foxit. A buffer error vulnerability exists in Foxit PDF Reader because the product's printing method does not properly validate user-entered formatting descriptors. The vulnerability can be exploited to cause malicious code to be executed ...

5.5CVSS5.9AI score0.00331EPSS
Exploits0References4
Talos Blog
Talos Blog
added 2021/10/12 12:48 p.m.14 views

Vulnerability Spotlight: Use-after-free vulnerability in Microsoft Excel could lead to code execution

Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a use-after-free vulnerability in the ConditionalFormatting functionality of Microsoft Office Excel 2019 that could allow an attacker to execute arbitrary code on the... This i...

2.9AI score
Exploits0
CNNVD
CNNVD
added 2021/10/07 12:0 a.m.6 views

Aruba Instant 格式化字符串错误漏洞

Aruba Instant is a wireless network from Aruba USA. provides the only Wi-Fi solution that is easy to set up. Aruba Instant suffers from a Formatting String Error vulnerability that originates from a formatting string error in the Instant Command Line Interface. The vulnerability allows remote use...

5.3CVSS5.8AI score0.01249EPSS
Exploits0References6
OSV
OSV
added 2021/09/21 10:1 p.m.12 views

CLSA-2021-1632261664 Fix of CVE: CVE-2021-27364, CVE-2021-27363, CVE-2021-27365

CVE-2021-27365: scsi: iscsi: Ensure sysfs attributes are limited to PAGESIZE - CVE-2021-27365: scsi: iscsi: Verify lengths on passthrough PDUs - CVE-2021-27363: CVE-2021-27364: scsi: iscsi: Restrict sessions and handles to admin capabilities - sysfs: Add sysfsemit and sysfsemitat to format sysfs...

7.8CVSS6.8AI score0.02079EPSS
Exploits3References1
OSV
OSV
added 2021/09/20 8:27 p.m.1 views

GHSA-JGRX-MGXX-JF9V tmpl vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion

nodejs-tmpl is simple string formatting. tmpl is vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion...

7.5CVSS7.1AI score0.01257EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2021/09/20 8:27 p.m.65 views

tmpl vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion

nodejs-tmpl is simple string formatting. tmpl is vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion...

7.8CVSS7.5AI score0.01257EPSS
Exploits1References4Affected Software1
CNVD
CNVD
added 2021/09/14 12:0 a.m.25 views

Apache Dubbo formatting string error vulnerability

Apache Dubbo is a lightweight Java-based RPC remote procedure call framework from the Apache Foundation. It provides interface-based remote calling, fault tolerance and load balancing, and automatic service registration and discovery.A code injection vulnerability exists in Apache Dubbo, which...

9.8CVSS1.6AI score0.02388EPSS
Exploits0References1
OSV
OSV
added 2021/09/10 5:56 p.m.4 views

GHSA-P5W8-WQHJ-9HHF StripComments filter contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service)

Impact The formatter function that strips comments from a SQL contains a regular expression that is vulnerable to ReDoS Regular Expression Denial of Service. The regular expression may cause exponential backtracking on strings containing many repetitions of '\r\n' in SQL comments. Patches The...

8.7CVSS5.8AI score0.02134EPSS
Exploits0References7
OSV
OSV
added 2021/09/10 5:54 p.m.3 views

GHSA-QVM7-23CJ-437V Remote Code Execution in Apache Dubbo

Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13...

9.8CVSS5.8AI score0.02388EPSS
Exploits0References3
Prion
Prion
added 2021/09/09 8:15 a.m.14 views

Format string

Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13...

7.5CVSS9.4AI score0.02388EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/09/09 12:0 a.m.14 views

Apache Dubbo 格式化字符串错误漏洞

Apache Dubbo is a lightweight Java-based RPC remote procedure call framework from the Apache Foundation. It provides interface-based remote calling, fault tolerance and load balancing, and automatic service registration and discovery.A code injection vulnerability exists in Apache Dubbo, which...

9.8CVSS5.8AI score0.02388EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2021/08/24 1:6 p.m.4 views

python-jinja2: ReDoS vulnerability in the urlize filter

A flaw was found in python-jinja2. The ReDOS vulnerability of the regex is mainly due to the sub-pattern a-zA-Z0-9.-+.a-zA-Z0-9.-+. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory...

5.3CVSS7.2AI score0.03546EPSS
Exploits1References4
Rows per page
Query Builder