CVE-2023-2473 Dreamer CMS Password Hash Calculation UserController.java updatePwd algorithmic complexity

A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity. The attack can be...

CVE-2023-2473 Dreamer CMS Password Hash Calculation UserController.java updatePwd algorithmic complexity

A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity. The attack can be...

CVE-2023-2473

CVE-2023-2473 affects Dreamer CMS versions up to 4.1.3. The vulnerability resides in the Password Hash Calculation component, specifically the updatePwd function in the UserController.java, causing inefficient algorithmic complexity. The issue can be exploited remotely, with upgrade recommended a...

Dreamer CMS 安全漏洞

Dreamer CMS is a dreamer content management system by Junnan Wang, a Chinese individual developer. A security vulnerability exists in Dreamer CMS version 4.1.3 and prior versions. An attacker exploited the vulnerability to cause a reduction in algorithm complexity...

CVE-2023-2418

A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The...

CVE-2023-2418

CVE-2023-2418 affects Konga version 2.8.3 running on Kong. The issue is in the Login API component, where handling leads to insufficiently random values. The documented attack complexity is high and exploitability is difficult, with multiple sources indicating the vulnerability could be exploited...

PT-2023-19459 · Konga · Konga

Name of the Vulnerable Software and Affected Versions: Konga version 2.8.3 Description: A problem was found in the Login API component, leading to insufficiently random values. The complexity of an attack is rather high, and the exploitability is difficult. The issue has been disclosed to the...

Keysight N8844A Data Analytics Web Service (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Keysight Equipment : N8844A Data Analytics Web Service Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to remote code...

Security Benefits of Enhanced Cloud Visibility

On the fence about migrating to the cloud because security seems complex and abstract? Let go of your on-premises point products and discover how a platform with enhanced cloud visibility can help smooth out your cloud journey...

14 Kubernetes and Cloud Security Challenges and How to Solve Them

Recently, Andrew Martin, founder and CEO of ControlPlane, released a report entitled Cloud Native and Kubernetes Security Predictions 2023. These predictions underscore the rapidly evolving landscape of Kubernetes and cloud security, emphasizing the need for organizations to stay informed and ado...

INEA ME RTU

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: INEA Equipment: ME RTU Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED...

Omron CS/CJ Series

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Omron Equipment: SYSMAC CS/CJ Series Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access...

The vulnerability of the Ruby interpreter’s Time library allows a hacker to cause a service failure.

The vulnerability of the Ruby interpreter’s Time library relates to the use of a regular expression with high computational complexity. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

Commonmarker vulnerable to to several quadratic complexity bugs that may lead to denial of service

Impact Several quadratic complexity bugs in commonmarker's underlying cmark-gfm library may lead to unbounded resource exhaustion and subsequent denial of service. The following vulnerabilities were addressed: CVE-2023-24824 CVE-2023-26485 For more information, consult the release notes for versi...

Denial Of Service (DoS)

libcmark-gfm.so is vulnerable to Denial Of Service DoS. The vulnerability exists due to polynomial time complexity issues that may lead to unbounded resource exhaustion causing an application crash...

Regular Expression Denial Of Service (ReDoS)

configobj is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficent regex complexity via the validate function, which can lead to a Denial of Service if an attacker is able to control the input being parsed...

SUSE CVE-2023-24824

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads...

SUSE CVE-2023-26485

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads...

"It's The Service Accounts, Stupid": Why Do PAM Deployments Take (almost) Forever To Complete?

Privileged Access Management PAM solutions are regarded as the common practice to prevent identity threats to administrative accounts. In theory, the PAM concept makes absolute sense: place admin credentials in a vault, rotate their passwords, and closely monitor their sessions. However, the hars...

DEBIAN-CVE-2023-26485

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads...