
3627 matches found

OSV
added 2022/09/16 6:15 p.m. | 3 views

CVE-2022-30683

Adobe Experience Manager versions 6.5.13.0 and earlier are affected by a Violation of Secure Design Principles vulnerability that could lead to bypass the security feature of the encryption mechanism in the backend. An attacker could leverage this vulnerability to decrypt secrets, however, this i...

CVSS 5.3 | AI score 5.8 | EPSS 0.00595
Exploits 0 | References 1
Tenable Nessus
added 2022/09/15 12:0 a.m. | 45 views

Oracle Linux 8 : nodejs:16 (ELSA-2022-6449)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6449 advisory. - CVE fixes for CVE-2022-32212/3/4/5 - Resolves CVE-2022-33987 Tenable has extracted the preceding description block directly from the Oracle Linux...

CVSS 8.1 | AI score 7.4 | EPSS 0.77278
Exploits 4 | References 7
OSV
added 2022/09/14 8:30 a.m. | 4 views

USN-5610-1 rust-regex vulnerability

Addison Crump discovered that rust-regex did not properly limit the complexity of the regular expressions (regex) it parses. An attacker could possibly use this issue to cause a denial of service...

CVSS 7.5 | AI score 7 | EPSS 0.1446
Exploits 1 | References 2
Tenable Nessus
added 2022/09/14 12:0 a.m. | 40 views

EulerOS 2.0 SP9 : grub2 (EulerOS-SA-2022-2289)

According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap dat...

CVSS 8.1 | AI score 7.2 | EPSS 0.01284
Exploits 0 | References 7
Prion
added 2022/09/09 2:15 p.m. | 79 views

Design/Logic Flaw

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are no...

CVSS 5 | AI score 7.4 | EPSS 0.03213
Exploits 0 | References 27 | Affected Software 4
CVE
added 2022/09/09 12:0 a.m. | 839 views

CVE-2020-10735

CVE-2020-10735 affects Python’s integer parsing with non-binary bases, where int("text") on very long digit strings can cause a CPU DoS, impacting availability. The flaw is present in Python’s PyLong_FromString path and manifests in quadratic-time scenarios when parsing large decimal-like strings...

CVSS 7.5 | AI score 7.5 | EPSS 0.03213
Exploits 0 | References 29 | Affected Software 1
Debian CVE
added 2022/09/09 12:0 a.m. | 52 views

CVE-2020-10735

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are no...

CVSS 7.5 | AI score 7.2 | EPSS 0.03213
Exploits 0
OSV
added 2022/09/09 12:0 a.m. | 29 views

PSF-2022-4 Prevent DoS by large str-int conversions

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are no...

CVSS 7.5 | AI score 7.6 | EPSS 0.03213
Exploits 0 | References 5
Cvelist
added 2022/09/09 12:0 a.m. | 30 views

CVE-2020-10735

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are no...

AI score 7.7 | EPSS 0.03213
Exploits 0 | References 27
Schneier on Security
added 2022/09/08 3:14 p.m. | 12 views

Facebook Has No Idea What Data It Has

This is from a court deposition: Facebook's stonewalling has been revealing on its own, providing variations on the same theme: It has amassed so much data on so many billions of people and organized it so confusingly that full transparency is impossible on a technical level. In the March 2022...

AI score 1.1
Exploits 0
BDU FSTEC
added 2022/09/08 12:0 a.m. | 3 views

The vulnerability of the Python interpreter, related to errors in the conversion of data types `int` and `str`, allows attackers to trigger a service failure due to algorithmic complexity.

The vulnerability of the Python interpreter is related to errors during the conversion of data types int and str. Exploiting this vulnerability can allow an attacker to trigger a service failure due to the computational complexity involved...

CVSS 7.1 | AI score 5.4
Exploits 0 | References 8 | Affected Software 6
Slackware Linux
added 2022/09/07 6:45 p.m. | 41 views

[slackware-security] python3

New python3 packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/python3-3.9.14-i586-1slack15.0.txz: Upgraded. This is a security and bugfix release. gh-95778: Converting between int and str in bas...

CVSS 7.5 | EPSS 0.03213
Exploits 0
Rapid7 Blog
added 2022/09/07 2:1 p.m. | 17 views

3 Ways to Improve Data Protection in the Cloud

Cloud complexity is now a well-documented and widely felt phenomenon across technology teams — IT, development, and security alike. Multi-cloud architectures have become the norm, with 89% of organizations embracing a strategy that involves multiple cloud vendors. Not only are companies managing...

AI score 6.9
Exploits 0
Tenable Nessus
added 2022/09/07 12:0 a.m. | 43 views

Slackware Linux 15.0 / current python3 Vulnerability (SSA:2022-250-01)

The version of python3 installed on the remote host is prior to 3.9.14. It is, therefore, affected by a vulnerability as referenced in the SSA:2022-250-01 advisory. - A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system coul...

CVSS 7.5 | AI score 7 | EPSS 0.03213
Exploits 0 | References 1
CVE
added 2022/09/06 8:55 p.m. | 53 views

CVE-2022-36064

CVE-2022-36064 (Shescape) affects the JavaScript package Shescape. The vulnerability is an inefficient Regular Expression Complexity (ReDoS) in two RegExes used when escaping arguments for Unix shells (notably Bash/Dash) or when using escape/escapeAll with interpolation enabled. An attacker can c...

CVSS 7.5 | AI score 6.5 | EPSS 0.01097
Exploits 1 | References 3 | Affected Software 1
RedhatCVE
added 2022/09/05 5:58 a.m. | 59 views

CVE-2020-10735

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are no...

CVSS 7.5 | AI score 2.4 | EPSS 0.03213
Exploits 0 | References 3
ICS
added 2022/09/01 12:0 a.m. | 54 views

Delta Electronics DOPSoft (Update A)

1. EXECUTIVE SUMMARY CVSS v3 3.3 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DOPSoft Vulnerability: Out-of-bounds Read 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-22-244-01 Delta Electronics DOPSoft that was published...

CVSS 7.5 | AI score 5.6 | EPSS 0.00356
Exploits 0 | References 5
Github Security Blog
added 2022/08/31 10:23 p.m. | 25 views

Polynomial regular expression used on uncontrolled data in nitrado.js

Impact Possible ReDoS with lib input of and with many repetitions of | Patches Patched in all versions above 0.2.5 Workarounds No known work arounds. References - OWASP: Regular expression Denial of Service - ReDoS - Wikipedia: ReDoS. - Wikipedia: Time complexity. - James Kirrage, Asiri Rathnayak...

CVSS 7.5 | AI score 7.3 | EPSS 0.00756
Exploits 0 | References 4 | Affected Software 1
OSV
added 2022/08/31 10:23 p.m. | 27 views

GHSA-VQC4-V8HC-H2JG Polynomial regular expression used on uncontrolled data in nitrado.js

Impact Possible ReDoS with lib input of and with many repetitions of | Patches Patched in all versions above 0.2.5 Workarounds No known work arounds. References - OWASP: Regular expression Denial of Service - ReDoS - Wikipedia: ReDoS. - Wikipedia: Time complexity. - James Kirrage, Asiri Rathnayak...

CVSS 7.5 | AI score 7.5 | EPSS 0.00756
Exploits 0 | References 4
ICS
added 2022/08/30 12:0 a.m. | 47 views

Omron CX-Programmer

1. EXECUTIVE SUMMARY CVSS v3 7,8 ATTENTION: Low attack complexity Vendor: Omron Equipment: CX-Programmer Vulnerability: Use After Free 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS...

CVSS 7.8 | AI score 8.2 | EPSS 0.00227
Exploits 0 | References 5