Lucene search

1037 matches found

OSV
added 2023/07/24 4:15 p.m., 3 views

CVE-2023-3384

A flaw was found in the Quay registry. While image labels created through Quay undergo validation both in the UI and in the backend, which applies a regex from validation.py, the same validation is not performed when the label comes from an image. This flaw allows an attacker to publish a malicious image to...

CVSS 5.4 | AI score 5.7 | EPSS 0.00376
Exploits 0 | References 2
Prion
added 2023/07/24 4:15 p.m., 17 views

Cross-site scripting

A flaw was found in the Quay registry. While image labels created through Quay undergo validation both in the UI and in the backend, which applies a regex from validation.py, the same validation is not performed when the label comes from an image. This flaw allows an attacker to publish a malicious image to...

CVSS 4.9 | AI score 5.2 | EPSS 0.00376
Exploits 0 | References 2 | Affected software 1
SUSE CVE
added 2023/07/12 1:57 a.m., 1 view

SUSE CVE-2023-36053

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels in emails and URLs...

CVSS 5.9 | AI score 7.6 | EPSS 0.02669
Exploits 0 | References 10
Veracode
added 2023/07/06 8:46 a.m., 41 views

Regular Expression Denial of Service (ReDoS)

Django is vulnerable to Regular Expression Denial of Service (ReDoS). A remote attacker can cause a denial of service through the EmailValidator or URLValidator validators by submitting a large number of domain name labels in emails and URLs...

CVSS 7.5 | AI score 6.7 | EPSS 0.02669
Exploits 0 | References 15 | Affected software 4
Android Security Bulletins
added 2023/07/05 12:00 a.m., 7 views

Android Automotive OS Update Bulletin—July 2023

The Android Automotive OS (AAOS) Update Bulletin contains details of security vulnerabilities affecting the Android Automotive OS platform. The full AAOS update comprises the security patch level of 2023-07-05 or later from the July 2023 Android Security Bulletin in addition to all issues in this...

CVSS 5.5 | AI score 7.9 | EPSS 0.0007
Exploits 0
OSV
added 2023/07/04 12:00 a.m., 2 views

UBUNTU-CVE-2023-36053

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels in emails and URLs...

CVSS 7.5 | AI score 7.1 | EPSS 0.02669
Exploits 0 | References 10
OSV
added 2023/07/03 1:15 p.m., 3 views

PYSEC-2023-100

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels in emails and URLs...

CVSS 7.5 | AI score 5.9 | EPSS 0.02669
Exploits 0 | References 5
Cvelist
added 2023/07/03 12:00 a.m., 57 views

CVE-2023-36053

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels in emails and URLs...

AI score 7.6 | EPSS 0.02669
Exploits 0 | References 8
CNNVD
added 2023/07/03 12:00 a.m., 26 views

Django security vulnerability

Django is the Django Software Foundation's open source web application framework, written in Python. The framework includes an object-relational mapper, a view system, a template system and so on. A security vulnerability exists in Django versions prior to 3.2.20, 4.1.10, and 4.2.3, which...

CVSS 7.5 | AI score 7.3 | EPSS 0.02669
Exploits 0 | References 14
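The Django entries above all describe the same weakness: validators that hand attacker-controlled input of unbounded length to a backtracking regex. The block below is an added example, not code from Django or from any of the advisories. The domain pattern is modelled from memory on the domain_regex used by Django's EmailValidator (an assumption, not a copy of the project's source), and the length caps mirror the ones the fixed releases enforce before any regex runs (assumption: 320 characters for an e-mail address and 2048 for a URL; confirm against your installed django/core/validators.py). It shows the unbounded and bounded validator side by side, a constructed many-label address of the shape the advisory describes, and a regex-free linear-time domain check that accepts and rejects the same ASCII inputs as the regex.

```python
import re
import string
import time

# Domain grammar modelled on Django's EmailValidator domain_regex (assumption:
# written from memory, not copied from the project): dotted labels of 1-63
# characters that start and end alphanumeric, then a final label of 2-63
# characters that must not end in '-'.
DOMAIN_RE = re.compile(
    r"((?:[A-Z0-9](?:[A-Z0-9-]{0,61}[A-Z0-9])?\.)+)(?:[A-Z0-9-]{2,63}(?<!-))\Z",
    re.IGNORECASE,
)

# Caps the patched Django releases apply before running any regex
# (assumption: values as of the 4.2.3 fix; check django/core/validators.py).
MAX_EMAIL_LEN = 320
MAX_URL_LEN = 2048

ASCII_LABEL_CHARS = frozenset(string.ascii_letters + string.digits + "-")


def split_email(value):
    """Return (local_part, domain), or None when there is no '@' to split on."""
    if not value or "@" not in value:
        return None
    return tuple(value.rsplit("@", 1))


def unbounded_email_is_valid(value):
    """Pre-fix shape: the regex sees whatever length the client sends."""
    parts = split_email(value)
    return parts is not None and DOMAIN_RE.match(parts[1]) is not None


def bounded_email_is_valid(value, max_len=MAX_EMAIL_LEN):
    """Post-fix shape: oversized input is refused before the regex runs, so an
    attacker controls at most max_len characters of regex work."""
    if value is None or len(value) > max_len:
        return False
    return unbounded_email_is_valid(value)


def linear_domain_is_valid(domain):
    """Regex-free check with the same accept/reject behaviour as DOMAIN_RE on
    ASCII input; each label is walked once, so cost is linear in the length."""
    labels = domain.split(".")
    if len(labels) < 2:
        return False
    *front, last = labels
    for label in front:
        if not 1 <= len(label) <= 63 or not set(label) <= ASCII_LABEL_CHARS:
            return False
        if label[0] == "-" or label[-1] == "-":
            return False
    if not 2 <= len(last) <= 63 or not set(last) <= ASCII_LABEL_CHARS:
        return False
    return not last.endswith("-")


def many_label_address(label_count, local="user"):
    """Constructed input of the shape the advisory describes: a very large
    number of short domain labels in one address."""
    return local + "@" + "a." * label_count + "com"


def seconds_to_validate(validator, value):
    """Wall-clock cost of one validation; use it to compare the two validators
    on many_label_address(n) for growing n."""
    start = time.perf_counter()
    validator(value)
    return time.perf_counter() - start


if __name__ == "__main__":
    crafted = many_label_address(200)
    print("unbounded accepts:", unbounded_email_is_valid(crafted))
    print("bounded accepts:  ", bounded_email_is_valid(crafted))
    print("seconds, unbounded:", seconds_to_validate(unbounded_email_is_valid, crafted))
```

The cap is the cheap fix the upstream patch took: the regex may still backtrack, but only over a bounded input. The linear check is the stronger design when you own the validator, because its cost does not depend on the regex engine at all, and the agreement test in the block is how to confirm it has not silently changed what is accepted.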
Tenable Nessus
added 2023/05/21 12:00 a.m., 27 views

AlmaLinux 8 : dhcp (ALSA-2023:3000)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:3000 advisory. - In ISC DHCP 4.4.0 - 4.4.3, ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16-P1, when the function option_code_hash_lookup is called from add_option, it increases the...

CVSS 6.5 | AI score 7 | EPSS 0.00664
Exploits 0 | References 3
RedHat Linux
added 2023/05/09 9:51 a.m., 1 view

dhcp: DHCP memory leak

A vulnerability was found in the DHCP server where the "fqdn_universe_decode" function allocates buffer space for the contents of option 81 (FQDN) data received in a DHCP packet. The maximum length of a DNS "label" is 63 bytes. The function tests the length byte of each label contained in the "fqdn";...

CVSS 6.5 | AI score 7.4 | EPSS 0.0062
Exploits 0 | References 5
OSV
added 2023/05/01 5:15 p.m., 2 views

CVE-2023-22503

Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature. This vulnerability was reported by Roj...

CVSS 5.3 | AI score 6.1 | EPSS 0.00792
Exploits 0 | References 1
CNNVD
added 2023/05/01 12:00 a.m., 3 views

Atlassian Confluence Server security vulnerability

Atlassian Confluence Server is the self-hosted edition of the collaboration software suite from Atlassian (Australia), providing enterprise knowledge management features and support for building enterprise wikis. A security vulnerability exists in Atlassian Confluence Server and Data Center. An attacker could...

CVSS 5.3 | AI score 5.7 | EPSS 0.00792
Exploits 0 | References 2
Tenable Nessus
added 2023/04/27 12:00 a.m., 24 views

EulerOS Virtualization 2.9.1 : dhcp (EulerOS-SA-2023-1622)

According to the versions of the dhcp package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In ISC DHCP 4.4.0 - 4.4.3, ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16-P1, when the function option_code_hash_lookup is called from add_option, it...

CVSS 6.5 | AI score 6.9 | EPSS 0.00664
Exploits 0 | References 3
Tenable Nessus
added 2023/04/27 12:00 a.m., 22 views

EulerOS Virtualization 2.9.0 : dhcp (EulerOS-SA-2023-1656)

According to the versions of the dhcp package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In ISC DHCP 4.4.0 - 4.4.3, ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16-P1, when the function option_code_hash_lookup is called from add_option, it...

CVSS 6.5 | AI score 6.9 | EPSS 0.00664
Exploits 0 | References 3
Citrix
added 2023/04/19 12:00 a.m., 5 views

How to Customize Gateway Login Page Labels for Custom Theme when nFactor Login Schema is enabled

This article helps you customize gateway login page labels, such as the username/password field labels, for a custom theme when you are using nFactor authentication...

AI score 7.2
Exploits 0
Tenable Nessus
added 2023/04/13 12:00 a.m., 47 views

openSUSE 15 Security Update : nextcloud-desktop (openSUSE-SU-2023:0090-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0090-1 advisory. - Nextcloud Desktop is the desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client...

CVSS 6.1 | AI score 5.5 | EPSS 0.00884
Exploits 4 | References 17
OSSF Malicious Packages
added 2023/04/06 4:23 a.m., 4 views

Malicious code in @bingads-webui-campaign-react/labels-page (npm)

Source: ghsa-malware b5055c6a222849b6ee18142cce7d609e00c04c147c4c60f6460a128aacca6252. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 | References 1
Patchstack
added 2023/03/16 12:00 a.m., 8 views

WordPress Advanced Product Labels for WooCommerce Plugin <= 1.2.4 is vulnerable to Broken Access Control

Software: Advanced Product Labels for WooCommerce
Type: Plugin
Vulnerable versions: <= 1.2.4
Fixed in: 1.2.4.1
OWASP Top 10: A5: Broken Access Control
Classification: Broken Access Control
CVE: CVE-2022-45813
Patch priority: Low
CVSS severity: Low (5.4)
PSID: 306429b28772
Credits...

AI score 6.9 | EPSS 0.00227
Exploits 0 | References 2 | Affected software 1
Tenable Nessus
added 2023/03/09 12:00 a.m., 44 views

EulerOS 2.0 SP5 : dhcp (EulerOS-SA-2023-1498)

According to the versions of the dhcp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In ISC DHCP 4.4.0 - 4.4.3, ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16-P1, when the function option_code_hash_lookup is called from add_option, it increases the...

CVSS 6.5 | AI score 7 | EPSS 0.00664
Exploits 0 | References 3
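The ISC DHCP entries above, in particular the Red Hat one describing fqdn_universe_decode, concern decoding of option 81 (client FQDN), where a label length byte larger than the 63-byte DNS maximum is the malformed case behind the reported memory leak. As an added example (not ISC's code and not the fqdn_universe_decode routine the advisory names), the following decoder takes the data portion of a DHCPv4 option 81 as laid out in RFC 4702, handles both the DNS wire-format name (E flag set) and the plain ASCII form, and refuses oversized labels, compression pointers, truncated labels and over-long names through a single error type, so that a caller has exactly one cleanup path regardless of which check fires. All sample payloads are constructed for the example.

```python
import string

# Flag bits of the option 81 flags byte (RFC 4702 section 2.1).
FLAG_S = 0x01  # client asks the server to perform the A/AAAA update
FLAG_O = 0x02  # server overrode the client's S preference
FLAG_E = 0x04  # domain name is in DNS wire format rather than ASCII
FLAG_N = 0x08  # client asks the server to perform no DNS updates at all

MAX_LABEL_LEN = 63   # RFC 1035 section 2.3.4
MAX_NAME_LEN = 255   # RFC 1035 limit; also bounds a single DHCPv4 option payload
LABEL_CHARS = frozenset((string.ascii_letters + string.digits + "-_").encode())


class FqdnOptionError(ValueError):
    """Raised for any malformed option 81 payload: one type, one cleanup path."""


def _check_label(label: bytes) -> None:
    if not 1 <= len(label) <= MAX_LABEL_LEN:
        raise FqdnOptionError(f"label length {len(label)} outside 1..{MAX_LABEL_LEN}")
    if not set(label) <= LABEL_CHARS:
        raise FqdnOptionError("label contains characters outside the hostname alphabet")


def _decode_wire_labels(data: bytes):
    """Walk length-prefixed labels; return (labels, terminated_by_root_label)."""
    labels, pos = [], 0
    while pos < len(data):
        length = data[pos]
        pos += 1
        if length == 0:                         # root label ends a fully qualified name
            if pos != len(data):
                raise FqdnOptionError("data after the root label")
            return labels, True
        if (length & 0xC0) == 0xC0:             # DNS compression pointer: meaningless here
            raise FqdnOptionError("compression pointer in option 81 name")
        if length > MAX_LABEL_LEN:              # the per-label bound the advisory describes
            raise FqdnOptionError(f"label length {length} exceeds {MAX_LABEL_LEN}")
        label = data[pos:pos + length]
        if len(label) != length:
            raise FqdnOptionError("label runs past the end of the option")
        _check_label(label)
        labels.append(label.decode("ascii"))
        pos += length
    return labels, False                        # no root label: partial (unqualified) name


def decode_fqdn_option(payload: bytes) -> dict:
    """Decode the data bytes of DHCPv4 option 81 (option code and length already stripped)."""
    if len(payload) < 3:
        raise FqdnOptionError("option 81 needs a flags byte and two RCODE bytes")
    flags, rcode1, rcode2 = payload[0], payload[1], payload[2]
    name_bytes = payload[3:]
    if len(name_bytes) > MAX_NAME_LEN:
        raise FqdnOptionError(f"domain name longer than {MAX_NAME_LEN} bytes")
    if flags & FLAG_E:
        labels, qualified = _decode_wire_labels(name_bytes)
    else:
        try:
            text = name_bytes.decode("ascii")
        except UnicodeDecodeError as exc:
            raise FqdnOptionError("non-ASCII byte in ASCII-form name") from exc
        qualified = text.endswith(".")
        stripped = text[:-1] if qualified else text
        labels = stripped.split(".") if stripped else []
        for label in labels:
            _check_label(label.encode("ascii"))
    return {
        "flags": flags,
        "rcode1": rcode1,
        "rcode2": rcode2,
        "encoded": bool(flags & FLAG_E),
        "client_wants_server_update": bool(flags & FLAG_S),
        "no_update": bool(flags & FLAG_N),
        "name": ".".join(labels),
        "fully_qualified": qualified,
    }


def rejects(payload: bytes) -> bool:
    """True when the payload is refused; convenient for fuzz-style checks."""
    try:
        decode_fqdn_option(payload)
    except FqdnOptionError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample: S|E flags, RCODEs zero, wire-format "host.example.com."
    sample = bytes([FLAG_S | FLAG_E, 0, 0]) + b"\x04host\x07example\x03com\x00"
    print(decode_fqdn_option(sample))
    # Constructed malformed sample: a 64-byte label, which must be refused.
    print(rejects(bytes([FLAG_E, 0, 0]) + bytes([64]) + b"x" * 64 + b"\x00"))
```

Feeding every refusal through one exception type is the Python analogue of the single error exit a C decoder needs so that a buffer allocated before the label walk is released on every failing branch; the `rejects` helper makes that property easy to exercise over a corpus of malformed options.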