Lucene search

3631 matches found

BDU FSTEC
added 2023/11/11 12:00 a.m. | 4 views

A vulnerability in the PDF processing library PyPDF2, related to algorithmic complexity, allows attackers to cause a denial of service.

A vulnerability in the PyPDF2 library for processing PDF files is related to algorithmic complexity. Exploiting this vulnerability could allow a malicious actor to cause service failures...

7.8 CVSS | 6.5 AI score | 0.00568 EPSS
Exploits 1 | References 10 | Affected Software 4

Tenable Nessus
added 2023/11/09 12:00 a.m. | 27 views

NewStart CGSL MAIN 6.06 : python3 Multiple Vulnerabilities (NS-SA-2023-0130)

The remote NewStart CGSL host, running version MAIN 6.06, has python3 packages installed that are affected by multiple vulnerabilities: - A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int...

6.6 AI score | 0.03213 EPSS
Exploits 1 | References 7

Malwarebytes
added 2023/11/07 1:00 p.m. | 35 views

Introducing ThreatDown: A new chapter for Malwarebytes

Since I started Malwarebytes 15 years ago the threat landscape has changed. Our offerings have evolved. And now the next chapter of our journey begins today. How did we get here? My first cyber “combatant” was an early form of adware running amok on my family’s computer. Removing it was a team...

7.2 AI score
Exploits 0

RedHat Linux
added 2023/11/07 9:12 a.m. | 1 view

golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding

A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests...

7.5 CVSS | 6.6 AI score | 0.04561 EPSS
Exploits 0 | References 11

Tenable Nessus
added 2023/11/07 12:00 a.m. | 21 views

Rocky Linux 9 : python3.9 (RLSA-2022:7323)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7323 advisory. - A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int...

7.5 CVSS | 7 AI score | 0.03213 EPSS
Exploits 0 | References 3

Redos
added 2023/10/30 12:00 a.m. | 30 views

ROS-20231030-02

A vulnerability in the Django web application software platform is related to regular expressions for text clipping that have linear backtrack complexity, which can be slow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service with certain HTML...

7.5 CVSS | 6.8 AI score | 0.01236 EPSS
Exploits 0

Trend Micro Simply Security
added 2023/10/26 12:00 a.m. | 19 views

Strategic Tips to Optimize Cybersecurity Consolidation

Say goodbye to security silos. Organizations are eager to take advantage of cybersecurity consolidation and make their security environments more manageable. Evolving incrementally and adopting a platform that supports third-party integrations are key to reducing cybersecurity complexity...

6.9 AI score
Exploits 0

Github Security Blog
added 2023/10/19 12:33 p.m. | 22 views

TorBot vulnerable to Inefficient Regular Expression Complexity in validate_link

Summary: The torbot.modules.validators.validate_link function uses the python-validators URL validation regex. This particular regular expression has an exponential complexity which allows an attacker to cause an application crash using a well-crafted argument. Details...

7.5 CVSS | 6.6 AI score | 0.00797 EPSS
Exploits 1 | References 6 | Affected Software 1

Vulnrichment
added 2023/10/18 8:26 p.m. | 13 views

CVE-2023-45813 Inefficient Regular Expression Complexity in TorBot

Torbot is an open source tor network intelligence tool. In affected versions the torbot.modules.validators.validate_link function uses the python-validators URL validation regex. This particular regular expression has an exponential complexity which allows an attacker to cause an application crash...

4.6 CVSS | 7 AI score | 0.00797 EPSS
Exploits 1 | References 2

ICS
added 2023/10/17 6:00 a.m. | 49 views

Rockwell Automation FactoryTalk Linx

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Linx Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to information...

9.1 CVSS | 8.9 AI score | 0.09603 EPSS
Exploits 0 | References 8

Github Security Blog
added 2023/10/16 12:30 a.m. | 16 views

Pleroma Path Traversal vulnerability

A vulnerability was found in kphrx pleroma. It has been classified as problematic. This affects the function Pleroma.Emoji.Pack of the file lib/pleroma/emoji/pack.ex. The manipulation of the argument name leads to path traversal. The complexity of an attack is rather high. The exploitability is...

5.3 CVSS | 5.2 AI score | 0.00568 EPSS
Exploits 0 | References 7 | Affected Software 1

Tenable Nessus
added 2023/10/16 12:00 a.m. | 51 views

Ubuntu 18.04 ESM / 20.04 ESM : hosted-git-info vulnerability (USN-5216-1)

The remote Ubuntu 18.04 ESM / 20.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-5216-1 advisory. It was discovered that hosted-git-info incorrectly handled certain inputs. A remote attacker could use this to cause a denial of service. Tenable has...

5.3 CVSS | 6.8 AI score | 0.03612 EPSS
Exploits 1 | References 2

Tenable Nessus
added 2023/10/16 12:00 a.m. | 31 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : NLTK vulnerability (USN-5215-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5215-1 advisory. Srikantha Prathi discovered that NLTK incorrectly handled specially crafted input. An attacker could use this vulnerability to cause a...

7.5 CVSS | 7.3 AI score | 0.01584 EPSS
Exploits 1 | References 2

Prion
added 2023/10/15 10:15 p.m. | 15 views

Path traversal

A vulnerability was found in kphrx pleroma. It has been classified as problematic. This affects the function Pleroma.Emoji.Pack of the file lib/pleroma/emoji/pack.ex. The manipulation of the argument name leads to path traversal. The complexity of an attack is rather high. The exploitability is...

1.4 CVSS | 5.2 AI score | 0.00568 EPSS
Exploits 0 | References 4

Positive Technologies
added 2023/10/15 12:00 a.m. | 3 views

PT-2023-32198 · Unknown · Kphrx Pleroma

Name of the Vulnerable Software and Affected Versions: kphrx pleroma affected versions not specified Description: A vulnerability was found in kphrx pleroma, classified as problematic. It affects the function Pleroma.Emoji.Pack of the file lib/pleroma/emoji/pack.ex. The manipulation of the argume...

5.3 CVSS | 4.4 AI score | 0.00568 EPSS
Exploits 0 | References 13

OSV
added 2023/10/13 9:30 a.m. | 9 views

GHSA-RQ36-9F5F-2GW7 Magento Open Source allows SQL Injection

Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to arbitrary code execution by an admin-privileg...

8.9 CVSS | 8.1 AI score | 0.00829 EPSS
Exploits 0 | References 3

OSV
added 2023/10/13 9:30 a.m. | 9 views

GHSA-GGR8-3HWX-4F2M Magento Open Source allows SQL Injection

Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to arbitrary code execution by an admin-privileg...

8.9 CVSS | 8.1 AI score | 0.00829 EPSS
Exploits 0 | References 3

OSV
added 2023/10/13 7:15 a.m. | 20 views

CVE-2023-38249

Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to arbitrary code execution by an admin-privileg...

6.6 CVSS | 8.2 AI score
Exploits 0 | References 1

NVD
added 2023/10/13 7:15 a.m. | 34 views

CVE-2023-38249

Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to arbitrary code execution by an admin-privileg...

8 CVSS | 8.2 AI score | 0.00829 EPSS
Exploits 0 | References 1

OSV
added 2023/10/13 7:15 a.m. | 34 views

CVE-2023-38221

Adobe Commerce versions 2.4.7-beta1 and earlier, 2.4.6-p2 and earlier, 2.4.5-p4 and earlier and 2.4.4-p5 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to arbitrary code execution by an admin-privileg...

6.6 CVSS | 8.2 AI score
Exploits 0 | References 1