CVE-2023-23925
The CVE-2023-23925 entry concerns the Switcher Client JavaScript SDK (Switcher API). Affects the strategy match operation (EXIST) where unsanitized input is used to build a regular expression, enabling a Regular Expression Denial of Service (ReDoS). Impact is indicated as high; CVSS vectors show ...
CVE-2023-23925 Switcher Client contains Regular Expression Denial of Service (ReDoS)
Switcher Client is a JavaScript SDK for working with Switcher API, a cloud-based feature flag service. Unsanitized input flows into the Strategy match operation EXIST, where it is used to build a regular expression. This may result in a Regular Expression Denial of Service (ReDoS) attack. This issue has been...
GHSA-WQXW-8H5G-HQ56 Switcher Client contains Regular Expression Denial of Service (ReDoS)
Impact: Unsanitized input flows into the Strategy match operation EXIST, where it is used to build a regular expression. This may result in a Regular Expression Denial of Service (ReDoS) attack. Patches: Patched in 3.1.4. Workarounds: Avoid using Strategy settings that use REGEX in conjunction with EXIST a...
Ransomware Recovery Plan for 2023
It’s important to defend against ransomware attacks, but is your organization prepared to deal with the consequences of a breach? Find out how to plan an effective ransomware recovery strategy...
commitToLien() can create LienToken for any holder
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept The VaultImplementation.commitToLien method is external and can be executed by anyone The method will internally verify that the corresponding collateralId is yours or has the...
commitment.lienRequest.strategy.vault can be different from the actual vault
Lines of code Vulnerability details Impact The protocol doesn't check that commitment.lienRequest.strategy.vault is equal to the actual vault. The problem is that commitment.lienRequest.strategy.vault and vault might be using two different tokens. The borrower gets the token of the actual...
Johnson Controls Metasys
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Johnson Controls Equipment: Metasys ADS/ADX/OAS Servers Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could result in exposed credentials in plain text...
Synaptics Fingerprint Driver Vulnerability - Lenovo Support US
AMD Graphics Driver Vulnerabilities- November, 2022 - Lenovo Support US
Intel Wireless Bluetooth and Killer Bluetooth Advisory - Lenovo Support US
Intel PROSet Wireless Wi-Fi, Intel AMT Wireless and Killer Wi-Fi Software Advisory - Lenovo Support US
Building an Effective Bot Management Strategy
Effectively managing bot traffic requires a combination of strong detection and response strategies. Here, we explore Akamai’s methods for implementing both...
ThinkPad X13s BIOS Vulnerabilities - Lenovo Support US
The patch is not sufficient: there is another insidious exploit that can cause the same critical consequences
Lines of code Vulnerability details Status Has been reported to and confirmed by Jeff (ENS team) Note to the Judge I am not sure whether I should label this as a newly-identified High or a mitigation hard error. The root cause of this issue seems the same as the original report, but this requires us...
strategy-center.ru Cross Site Scripting vulnerability OBB-3103896
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
NSA, CISA, and ODNI Release Guidance on Potential Threats to 5G Network Slicing
Today, the National Security Agency (NSA), CISA, and the Office of the Director of National Intelligence (ODNI) published Potential Threats to 5G Network Slicing. This guidance—created by the Enduring Security Framework (ESF), a public-private cross-sector working group led by the NSA and CISA—present...
Cybersecurity Plan: 3 Keys for CISOs
CISOs and security professionals need a cybersecurity plan to succeed. Explore three keys for a winning strategy...
Researcher Spotlight: How working for Talos started out as an ‘accident’ for Ashlee Benge before becoming a second career
Talos' lead of data strategy and insights has a lot of weight on her shoulders currently, but it's nothing she's not used to. Most people who first meet Ashlee Benge do a double take when they hear about her past experience. The average security practitioner at a networking event may share that they...
Microsoft supports the DoD’s Zero Trust strategy
The Department of Defense (DoD) released its formal Zero Trust strategy today, marking a major milestone in its goal of achieving enterprise-wide implementation by 2027. The strategy comes at a critical time, as United States government networks continue to face nearly half the global nation-state...