Lucene search

4200 matches found

RedHat Linux
added 2021/11/02 9:17 a.m. | 8 views

python: urllib: Regular expression DoS in AbstractBasicAuthHandler

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client, such as a web browser, connects to could trigger a Regular Expression Denial of Service (ReDoS) during an authentication request with a specially crafted payload that is sen...

CVSS 6.5 | AI score 6.9 | EPSS 0.04675
Exploits: 1 | References: 8

CNNVD
added 2021/11/02 12:0 a.m. | 5 views

Couchbase Server Cryptographic Issue Vulnerability

Couchbase Server is a distributed, open source NoSQL non-relational database from Couchbase, Inc. that primarily supports data querying, full-text searching, and active global replication. A cryptographic issue vulnerability exists in Couchbase Server, which stems from the inclusion of plaintext...

CVSS 7.5 | AI score 7.3 | EPSS 0.00588
Exploits: 0 | References: 3

The Hacker News
added 2021/10/28 1:15 p.m. | 20 views

A Guide to Shift Away from Legacy Authentication Protocols in Microsoft 365

Microsoft 365 (M365), formerly called Office 365 (O365), is Microsoft's cloud strategy flagship product with major changes ahead, such as the deprecation of their legacy authentication protocols. Often stored on or saved to the device, Basic Authentication protocols rely on sending usernames and...

AI score 0.6
Exploits: 0

The Hacker News
added 2021/10/14 2:27 p.m. | 31 views

Experts Warn of Unprotected Prometheus Endpoints Exposing Sensitive Information

A large-scale unauthenticated scraping of publicly available and non-secured endpoints from older versions of Prometheus event monitoring and alerting solution could be leveraged to inadvertently leak sensitive information, according to the latest research. "Due to the fact that authentication an...

AI score 7.3
Exploits: 0

NVD
added 2021/10/11 7:15 p.m. | 23 views

CVE-2020-27372

A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function...

CVSS 9.8 | EPSS 0.01402
Exploits: 1 | References: 1

OSV
added 2021/10/11 7:15 p.m. | 7 views

CVE-2020-27372

A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function...

CVSS 9.8 | AI score 7.2
Exploits: 0 | References: 1

OSV
added 2021/10/11 7:15 p.m. | 3 views

DEBIAN-CVE-2020-27372

A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function...

CVSS 9.8 | AI score 8.9 | EPSS 0.01402
Exploits: 1 | References: 1

OSV
added 2021/10/11 7:15 p.m. | 5 views

UBUNTU-CVE-2020-27372

A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function...

CVSS 9.8 | AI score 6 | EPSS 0.01402
Exploits: 1 | References: 3

UbuntuCve
added 2021/10/11 7:15 p.m. | 19 views

CVE-2020-27372

A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function...

CVSS 9.8 | AI score 7.4 | EPSS 0.01402
Exploits: 1 | References: 2

Prion
added 2021/10/11 7:15 p.m. | 14 views

Buffer overflow

A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function...

CVSS 7.5 | AI score 9.6 | EPSS 0.01402
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2021/10/11 6:9 p.m. | 26 views

CVE-2020-27372

A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function...

AI score 9.8 | EPSS 0.01402
Exploits: 1 | References: 1

CVE
added 2021/10/11 6:9 p.m. | 64 views

CVE-2020-27372

CVE-2020-27372 describes a buffer overflow in Brandy Basic V Interpreter 1.21, specifically in the run_interpreter function. Across connected sources, the vulnerability is consistently reported as affecting that component with a high to critical impact profile (network attack, no authentication, ...

CVSS 9.8 | AI score 9.6 | EPSS 0.01402
Exploits: 1 | References: 1 | Affected Software: 1

Debian CVE
added 2021/10/11 6:9 p.m. | 19 views

CVE-2020-27372

A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function...

CVSS 9.8 | AI score 9.8 | EPSS 0.01402
Exploits: 1

CNNVD
added 2021/10/11 12:0 a.m. | 4 views

Brandy Buffer Error Vulnerability

Brandy is a Basic V Interpreter. A buffer error vulnerability exists in Brandy Basic V Interpreter that stems from the product's failure to properly handle data boundaries when the run_interpreter function is run. The following products and versions are affected: Brandy Basic V Interpreter version...

CVSS 9.8 | AI score 8.4 | EPSS 0.01402
Exploits: 1 | References: 1

Kitploit
added 2021/10/05 11:30 a.m. | 40 views

CarPunk - The Car Hacking Toolkit

CARPUNK IS VERY SIMILAR TO CANghost, ONLY THE DIFFERENCE IS, IT COMES WITH OPTIONS TO ENABLE OR DISABLE INTERFACE AND BASIC SNIFFING AS EXTRA. IT WORKS ON BOTH SIMULATION & REAL CARS. HAS THE OPTIONS TO RECORD AND PLAY THE CAN PACKETS. NO ANY ARGUMENTS REQUIRED WHEN RUNNING BUT NEED...

AI score 7.3
Exploits: 0 | References: 5

BDU FSTEC
added 2021/10/05 12:0 a.m. | 4 views

The vulnerability of the aaugustin communication protocol’s websockets in the Python programming language arises from information leaks due to temporal discrepancies. This allows attackers to gain access to confidential data.

The vulnerability of the aaugustin communication protocol’s websockets in the Python programming language is related to an error that occurs when basic authentication using basic_auth_protocol_factory(credentials=...) is enabled. Exploiting this vulnerability can allow a remote attacker to gain access...

CVSS 5.9 | AI score 6.9 | EPSS 0.02265
Exploits: 0 | References: 4 | Affected Software: 2

CNNVD
added 2021/10/04 12:0 a.m. | 17 views

GitLab Authorization Issue Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (continuous integration and continuous delivery), and other features. An authorization issue vulnerability exists in GitLab EE, which can be exploit...

CVSS 9.8 | AI score 8.4 | EPSS 0.00953
Exploits: 0 | References: 4

Rapid7 Blog
added 2021/09/29 6:22 p.m. | 61 views

[Security Nation] Rob Graham on Mike Lindell's Cyber Symposium

In this episode of Security Nation, Jen and Tod chat with Rob Graham of Errata Security about his experience attending pillow magnate Mike Lindell's Cyber...

AI score 6.6
Exploits: 0

Github Security Blog
added 2021/09/29 5:9 p.m. | 38 views

Basic auth bypass in esphome

Impact: Anyone with webserver enabled and HTTP basic auth configured on 2021.9.1 or older; webserver allows OTA update without checking user defined basic auth username & password. Patches: Patch released in 2021.9.2. Workarounds: Disable/remove webserver...

CVSS 7.5 | AI score 1.4 | EPSS 0.01175
Exploits: 0 | References: 8 | Affected Software: 1

OSV
added 2021/09/29 5:9 p.m. | 19 views

GHSA-48MJ-P7X2-5JFM Basic auth bypass in esphome

Impact: Anyone with webserver enabled and HTTP basic auth configured on 2021.9.1 or older; webserver allows OTA update without checking user defined basic auth username & password. Patches: Patch released in 2021.9.2. Workarounds: Disable/remove webserver...

CVSS 8.7 | AI score 7.5 | EPSS 0.01175
Exploits: 0 | References: 8