3 matches found
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the logging process when verbose logging is enabled and per-node BGP peer passwords are configured via node annotations. An attacker can obtain sensitive credential information by...
Addressable has a Regular Expression Denial of Service in Addressable templates
Impact Within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic backtracking: 1. Templates using the explode modifier with any expansion operator e.g., foo, +var, var, /var, .var, ;var, ?var, &var generate patterns...
PT-2025-41: The Twinkly Light Tree 3D firmware uses a vulnerable Blufi library
The vulnerability was identified in the Twinkly Light Tree 3D firmware, 2.8.18. An attacker within Bluetooth range, with physical access to a device running firmware prior to 2.9.0 and provisioning mode manually re-enabled could, in an attack scenario, interfere with the provisioning exchange and...