3631 matches found
CVE-2024-7155
A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557B20221024 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. It is possible to launch the attack on the local...
CVE-2024-7155
TOTOLINK A3300R, version 17.0.0cu.557_B20221024, has a vulnerability in the /etc/shadow.sample file where a hard-coded password is used via an unknown functionality. This enables a local attack with high attack complexity and public disclosure of the exploit. No fixed version is listed in the pro...
CVE-2024-3651
...
EulerOS 2.0 SP8 : python-idna (EulerOS-SA-2024-2049)
According to the versions of the python-idna packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises...
EulerOS 2.0 SP10 : python-idna (EulerOS-SA-2024-1918)
According to the versions of the python-idna package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises...
The vulnerability of the Git-based software platform for collaborative code development on GitLab arises from the use of a regular expression c with inefficient computational complexity, allowing attackers to trigger service interruptions.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to the use of a regular expression with inefficient computational complexity. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
EulerOS 2.0 SP10 : python-idna (EulerOS-SA-2024-1894)
According to the versions of the python-idna package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises...
CVE-2024-34123
Adobe Premiere Pro is affected by CVE-2024-34123 (Untrusted Search Path) in versions 23.6.5, 24.4.1 and earlier. The root cause is untrusted search path usage that could allow an attacker to execute arbitrary code by placing a malicious file in the search path; exploitation requires user interact...
Internet Bug Bounty: CVE-2024-38875: Denial-Of-Service through uncontrolled resource consumption caused by poor time complexity of strip_punctuation .
The vulnerability CVE-2024-38875 was discovered in the strippunctuation function used by the urlize and urlizetrunc filters. The function had a poor time complexity of On^2 in the worst case, which could lead to uncontrolled resource consumption when processing input with a large number of openin...
Johnson Controls Inc. Software House C●CURE 9000 (Update B)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION : Exploitable remotely/Low attack complexity Vendor : Johnson Controls Inc. Equipment : Software House C●CURE 9000 Vulnerability : Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an...
Delta Electronics CNCSoft-G2 (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION : Low attack complexity Vendor : Delta Electronics Equipment : CNCSoft-G2 Vulnerabilities : Stack-based Buffer Overflow, Out-of-bounds Write, Out-of-bounds Read, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these...
Siemens TIA Portal and SIMATIC STEP 7
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
CVE-2024-3651
A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This...
CVE-2024-3651
A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This...
CVE-2024-3651 Denial of Service via Quadratic Complexity in kjd/idna
A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This...
CVE-2024-3651 Denial of Service via Quadratic Complexity in kjd/idna
A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This...
PT-2025-5893
Name of the Vulnerable Software and Affected Versions libtasn1 affected versions not specified Description A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can...
EulerOS 2.0 SP12 : bind (EulerOS-SA-2024-1850)
According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Certain DNSSEC aspects of the DNS protocol in RFC 4033, 4034, 4035, 6840, and related RFCs allow remote attackers to cause a denial of service CPU...
Yokogawa CENTUM
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.7 ATTENTION : Exploitable remotely/Low attack complexity Vendor : Yokogawa Equipment : CENTUM Vulnerability : Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary...
CVE-2024-6129
CVE-2024-6129 affects spa-cartcms 1.9.0.6, specifically the Username Handler component’s /login function where manipulating the email argument causes observable behavior differences. All connected sources confirm remote exposure with high attack complexity and a disclosed exploit; exploitation st...