
3627 matches found

Vulnrichment
added 2022/12/27 8:10 a.m., 4 views

CVE-2018-25049 email-existence index.js redos

A vulnerability was found in email-existence. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The name of the patch is 0029ba71b6ad0d8ec0baa2ecc6256d038bdd9b56. It is...

CVSS: 3, AI score: 7.5, EPSS: 0.00721
Exploits: 0, References: 4
Cvelist
added 2022/12/27 8:5 a.m., 14 views

CVE-2015-10005 markdown-it html_re.js redos

A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file lib/common/htmlre.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 3.0.0 is able to address this issue. The name of t...

CVSS: 3.5, AI score: 7.6, EPSS: 0.00946
Exploits: 0, References: 4
Vulnrichment
added 2022/12/27 8:5 a.m., 4 views

CVE-2015-10005 markdown-it html_re.js redos

A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file lib/common/htmlre.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 3.0.0 is able to address this issue. The name of t...

CVSS: 3.5, AI score: 6.9, EPSS: 0.00946
Exploits: 0, References: 4
CNNVD
added 2022/12/27 12:0 a.m., 1 view

Markdown-It Security Vulnerability

Markdown-It is a Markdown parser. A security vulnerability exists in versions of Markdown-It before 2.x. An attacker exploited the vulnerability to cause an increase in the complexity of regular expressions...

CVSS: 7.5, AI score: 5.6, EPSS: 0.00946
Exploits: 0, References: 5
Tenable Nessus
added 2022/12/23 12:0 a.m., 38 views

Fedora 36 : python3.6 (2022-d4570fc1a6)

The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-d4570fc1a6 advisory. Prevent denial of service (DoS) by very large integers. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

CVSS: 7.5, AI score: 7.3, EPSS: 0.03213
Exploits: 0, References: 2
Tenable Nessus
added 2022/12/22 12:0 a.m., 29 views

Fedora 36 : ghc-cmark-gfm (2022-6bcee2cc93)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-6bcee2cc93 advisory. Updates the C library to 0.29.0.gfm.6, which fixes CVE-2022-39209. Tenable has extracted the preceding description block directly from the Fedora...

CVSS: 7.5, AI score: 6.8, EPSS: 0.01568
Exploits: 0, References: 2
Tenable Nessus
added 2022/12/21 12:0 a.m., 22 views

EulerOS 2.0 SP10 : python3 (EulerOS-SA-2022-2827)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms...

CVSS: 7.5, AI score: 7.1, EPSS: 0.03213
Exploits: 0, References: 2
ICS
added 2022/12/15 12:0 a.m., 47 views

Siemens APOGEE/TALON Field Panels

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: APOGEE PXC/TALON TC Vulnerabilities: Predictable Exact Value from Previous Values 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to hijack...

CVSS: 6.5, AI score: 6.8, EPSS: 0.01555
Exploits: 0, References: 8
ICS
added 2022/12/13 12:0 a.m., 57 views

Siemens SCALANCE SC-600 Family

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE SC-600 Family Vulnerability: Out-of-bounds Write, Use After Free, Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this...

CVSS: 7.8, AI score: 8.9, EPSS: 0.3197
Exploits: 3, References: 11
ICS
added 2022/12/13 12:0 a.m., 48 views

Siemens APOGEE and TALON

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: APOGEE and TALON Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a low privilege authenticated attacker to gain...

CVSS: 8.8, AI score: 7.6, EPSS: 0.01555
Exploits: 0, References: 12
ICS
added 2022/12/13 12:0 a.m., 38 views

Siemens Simcenter STAR-CCM+

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services ...

CVSS: 7.8, AI score: 7.8, EPSS: 0.00206
Exploits: 0, References: 12
ICS
added 2022/12/13 12:0 a.m., 45 views

ICONICS and Mitsubishi Electric Products

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Low attack complexity Vendor: ICONICS, Mitsubishi Electric Equipment: ICONICS Product Suite Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to write arbitrary files. 3. TECHNICAL...

CVSS: 7.1, AI score: 7, EPSS: 0.00299
Exploits: 0, References: 3
OpenVAS
added 2022/12/09 12:0 a.m., 26 views

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2022-2805)

The remote host is missing an update for the Huawei EulerOS...

CVSS: 8, AI score: 8.2, EPSS: 0.06705
Exploits: 1, References: 2
Tenable Nessus
added 2022/12/09 12:0 a.m., 18 views

Amazon Linux 2022 : python3.10 (ALAS2022-2022-212)

The version of python3.10 installed on the remote host is prior to 3.10.8-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-212 advisory. - A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a syst...

CVSS: 7.5, AI score: 7, EPSS: 0.03213
Exploits: 0, References: 3
Amazon
added 2022/12/06 12:0 a.m., 48 views

Medium: python3

Issue Overview: A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 1...

CVSS: 7.5, AI score: 7.6, EPSS: 0.03213
Exploits: 0
Rapid7 Blog
added 2022/12/01 3:0 p.m., 14 views

Can Cloud Security Be Easier Than Complex?

A bigger piece of the meal For those in the United States and certain parts of the world, it’s time for end-of-year holidays. That means lots and lots of big meals to celebrate these special occasions. Each dish created becomes part of that larger meal. Another important event that occurs around...

Exploits: 0
ICS
added 2022/11/17 12:0 a.m., 20 views

Red Lion Crimson

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Red Lion Controls Equipment: Crimson Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain user credential hashes. 3...

CVSS: 7.5, AI score: 6.6, EPSS: 0.00609
Exploits: 0, References: 5
OpenVAS
added 2022/11/14 12:0 a.m., 22 views

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2022-2738)

The remote host is missing an update for the Huawei EulerOS...

CVSS: 7.5, AI score: 8.1, EPSS: 0.03213
Exploits: 0, References: 2
Tenable Nessus
added 2022/11/14 12:0 a.m., 29 views

EulerOS 2.0 SP9 : python3 (EulerOS-SA-2022-2773)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms...

CVSS: 7.5, AI score: 6.9, EPSS: 0.03213
Exploits: 0, References: 3
Cvelist
added 2022/11/13 12:0 a.m., 14 views

CVE-2022-3979 NagVis CoreLogonMultisite.php checkAuthCookie type conversion

A vulnerability was found in NagVis up to 1.9.33 and classified as problematic. This issue affects the function checkAuthCookie of the file share/server/core/classes/CoreLogonMultisite.php. The manipulation of the argument hash leads to incorrect type conversion. The attack may be initiated...

CVSS: 5.6, AI score: 8.4, EPSS: 0.01007
Exploits: 1, References: 5