769 matches found
SUSE: Security Advisory (SUSE-SU-2021:4063-1)
The remote host is missing an update for the...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Workaround for CVE-2021-44228 Log4j RCE exploit as a buildpa...
ChopChop - ChopChop Is A CLI To Help Developers Scanning Endpoints And Identifying Exposition Of Sensitive Services/Files/Folders
ChopChop is a command-line tool for dynamic application security testing on web applications, initially written by the Michelin CERT. Its goal is to scan several endpoints and identify exposition of services/files/folders through the webroot. Checks/Signatures are declared in a config file by...
python-jinja2: ReDoS vulnerability in the urlize filter
A flaw was found in python-jinja2. The ReDoS vulnerability of the regex is mainly due to the sub-pattern [a-zA-Z0-9._-]+.[a-zA-Z0-9._-]+. This issue can be mitigated by using Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory...
ALSA-2021:4201 Moderate: babel security and bug fix update
Babel provides tools to build and work with gettext message catalogs, and a Python interface to the CLDR (Common Locale Data Repository), providing access to various locale display names, localized number and date formatting, etc. Security Fixes: python-babel: Relative path traversal allows attacke...
Scarce-Apache2 - A Framework For Bug Hunting Or Pentesting Targeting Websites That Have CVE-2021-41773 Vulnerability In Public
This tool scans for websites affected by CVE-2021-41773 in the Apache2 web server. ScaRCE can also execute remote command injection on the web servers found by the scan, but only if MOD_CGI is enabled on the targeted web server. This tool works with the...
The vulnerability of the server-based Redmine project and task management web application lies in its ability to read data beyond the allowed buffer size limits, allowing an attacker to compromise the integrity of the data.
The vulnerability of the server-based Redmine project and task management web application is related to incorrect data processing during the formatting of tasks. Exploiting this vulnerability allows an attacker to compromise the integrity of the data...
Foxit PDF Editor buffer error vulnerability
Foxit PDF Reader is a PDF reader from the Chinese company Foxit. A buffer error vulnerability exists in Foxit PDF Reader because the product's printing method does not properly validate user-entered formatting descriptors. The vulnerability can be exploited to cause malicious code to be executed ...
Vulnerability Spotlight: Use-after-free vulnerability in Microsoft Excel could lead to code execution
Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a use-after-free vulnerability in the ConditionalFormatting functionality of Microsoft Office Excel 2019 that could allow an attacker to execute arbitrary code on the... This i...
Aruba Instant format string error vulnerability
Aruba Instant is a wireless network from Aruba, USA. It provides the only Wi-Fi solution that is easy to set up. Aruba Instant suffers from a format string error vulnerability that originates from a format string error in the Instant Command Line Interface. The vulnerability allows remote use...
CLSA-2021-1632261664 Fix of CVE: CVE-2021-27364, CVE-2021-27363, CVE-2021-27365
CVE-2021-27365: scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE - CVE-2021-27365: scsi: iscsi: Verify lengths on passthrough PDUs - CVE-2021-27363: CVE-2021-27364: scsi: iscsi: Restrict sessions and handles to admin capabilities - sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs...
GHSA-JGRX-MGXX-JF9V tmpl vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion
nodejs-tmpl is simple string formatting. tmpl is vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion...
tmpl vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion
nodejs-tmpl is simple string formatting. tmpl is vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion...
Apache Dubbo formatting string error vulnerability
Apache Dubbo is a lightweight Java-based RPC (remote procedure call) framework from the Apache Foundation. It provides interface-based remote calling, fault tolerance and load balancing, and automatic service registration and discovery. A code injection vulnerability exists in Apache Dubbo, which...
GHSA-P5W8-WQHJ-9HHF StripComments filter contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service)
Impact: The formatter function that strips comments from SQL contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). The regular expression may cause exponential backtracking on strings containing many repetitions of '\r\n' in SQL comments. Patches: The...
GHSA-QVM7-23CJ-437V Remote Code Execution in Apache Dubbo
Some component in Dubbo will try to print the formatted string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13...
Format string
Some component in Dubbo will try to print the formatted string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13...
Apache Dubbo format string error vulnerability
Apache Dubbo is a lightweight Java-based RPC (remote procedure call) framework from the Apache Foundation. It provides interface-based remote calling, fault tolerance and load balancing, and automatic service registration and discovery. A code injection vulnerability exists in Apache Dubbo, which...