
3627 matches found

Hacker One
added 2022/02/22 10:34 p.m. | 36 views

Ruby on Rails: ReDoS in Rack::Multipart

A regular expression denial of service (ReDoS) vulnerability was discovered in the Rack gem's Multipart module. This vulnerability allowed an attacker to cause a denial of service by sending a specially crafted header, resulting in excessive CPU usage on the server. The vulnerability has been patch...

7.5 CVSS | 8 AI score | 0.02056 EPSS
Exploits: 0
Tenable Nessus
added 2022/02/22 12:0 a.m. | 54 views

SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2022:0531-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0531-1 advisory. - All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPath...

9.8 CVSS | 7.4 AI score | 0.15014 EPSS
Exploits: 4 | References: 16
ICS
added 2022/02/22 12:0 a.m. | 90 views

WIN-911 2021

1. EXECUTIVE SUMMARY CVSS v3 5.6 ATTENTION: Low attack complexity Vendor: WIN-911 Equipment: WIN-911 2021 Vulnerabilities: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to leverage the misconfigured privileges to the...

7.8 CVSS | 7.6 AI score | 0.00203 EPSS
Exploits: 0 | References: 5
NVD
added 2022/02/16 5:15 p.m. | 21 views

CVE-2022-23202

Adobe Creative Cloud Desktop version 2.7.0.13 and earlier is affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must download a...

7 CVSS | 0.02165 EPSS
Exploits: 0 | References: 1
Prion
added 2022/02/16 5:15 p.m. | 19 views

Path traversal

Adobe Creative Cloud Desktop version 2.7.0.13 and earlier is affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must download a...

5.1 CVSS | 6.9 AI score | 0.02165 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Microsoft Secure
added 2022/02/10 5:0 p.m. | 18 views

What’s Next in Security from Microsoft

One of the biggest challenges in security today is complexity. Not only is there an ever-growing number of threats, but many organizations are defending their companies with a patchwork of security solutions that don’t work well together. This piecemeal approach is costly, less secure, and hinder...

7.3 AI score
Exploits: 0
Microsoft Malware Protection
added 2022/02/02 5:0 p.m. | 27 views

The evolution of a Mac trojan: UpdateAgent’s progression

Our discovery and analysis of a sophisticated Mac trojan in October exposed a year-long evolution of a malware family—and depicts the rising complexity of threats across platforms. The trojan, tracked as UpdateAgent, started as a relatively basic information-stealer but was observed distributing...

0.3 AI score
Exploits: 0
The Hacker News
added 2022/01/19 2:30 p.m. | 19 views

Cyber Threat Protection — It All Starts with Visibility

Just as animals use their senses to detect danger, cybersecurity depends on sensors to identify signals in the computing environment that may signal danger. The more highly tuned, diverse and coordinated the senses, the more likely one is to detect important signals that indicate danger. This,...

0.2 AI score
Exploits: 0
CVE
added 2022/01/19 12:20 a.m. | 70 views

CVE-2022-22153

CVE-2022-22153 affects Junos OS flowd on SRX Series and MX Series with SPC3. A high-rate fragmented-traffic condition (fragmented packets > ~5%) can cause latency or packet loss due to insufficient algorithmic complexity and unthrottled resource allocation. Affected versions are prior to 18.2R...

7.5 CVSS | 7.5 AI score | 0.0093 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
GithubExploit
added 2022/01/13 6:29 a.m. | 6 views

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

This is a PoC exploit for CVE-2021-26084, a pre-auth RCE injecti...

9.8 CVSS | 9.3 AI score | 0.99999 EPSS
Exploits: 45
GithubExploit
added 2022/01/13 6:29 a.m. | 610 views

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

This is a PoC exploit for CVE-2021-26084, a pre-auth RCE injecti...

9.8 CVSS | 8.8 AI score | 0.99999 EPSS
Exploits: 45
ICS
added 2022/01/13 12:0 a.m. | 43 views

Mitsubishi Electric MELSEC-F Series

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC-F Series Vulnerability: Improper Initialization 2. RISK EVALUATION Successful exploitation of this vulnerability may cause a denial-of-service condition in the...

7.8 CVSS | 7.7 AI score | 0.03595 EPSS
Exploits: 0 | References: 4
ICS
added 2022/01/06 12:0 a.m. | 30 views

Omron CX-One

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Omron Equipment: CX-One Vulnerabilities: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability may allow arbitrary code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The...

7.8 CVSS | 8.3 AI score | 0.09271 EPSS
Exploits: 0 | References: 5
OSV
added 2022/01/04 3:15 p.m. | 3 views

DEBIAN-CVE-2021-3842

nltk is vulnerable to Inefficient Regular Expression Complexity...

7.5 CVSS | 7.2 AI score | 0.01502 EPSS
Exploits: 1 | References: 1
OSV
added 2022/01/04 3:15 p.m. | 1 views

UBUNTU-CVE-2021-3842

nltk is vulnerable to Inefficient Regular Expression Complexity...

7.5 CVSS | 7.1 AI score | 0.01502 EPSS
Exploits: 1 | References: 7
CVE
added 2022/01/04 2:50 p.m. | 82 views

CVE-2021-3842

CVE-2021-3842 affects the Python NLTK package; the vulnerability is an Inefficient Regular Expression Complexity (REDoS) in certain RegexpTaggers, leading to potential denial of service. Exposed components: nltk/nltk (regex processing). Public sources assign a high severity (CVSS v3.1 base 7.5; i...

7.5 CVSS | 7.4 AI score | 0.01502 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2022/01/04 2:50 p.m. | 20 views

CVE-2021-3842 Inefficient Regular Expression Complexity in nltk/nltk

nltk is vulnerable to Inefficient Regular Expression Complexity...

7.5 CVSS | 7.7 AI score | 0.01502 EPSS
Exploits: 1 | References: 2
Debian CVE
added 2022/01/04 2:50 p.m. | 19 views

CVE-2021-3842

nltk is vulnerable to Inefficient Regular Expression Complexity...

7.5 CVSS | 7.3 AI score | 0.01502 EPSS
Exploits: 1
ICS
added 2021/12/16 12:0 a.m. | 30 views

Delta Electronics CNCSoft

1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow information disclosure or an application crash. 3. TECHNICAL DETAILS 3.1...

6.1 CVSS | 5.8 AI score | 0.00662 EPSS
Exploits: 0 | References: 4
ICS
added 2021/12/16 12:0 a.m. | 69 views

Siemens Healthineers syngo fastView (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Healthineers, a subsidiary of Siemens Equipment: syngo fastView --------- Begin Update A Part 1 of 2 -------- Vulnerabilities: Out-of-bounds Write, Write-what-where Condition --------- End Update A Part 1 of 2...

7.8 CVSS | 8.1 AI score | 0.00323 EPSS
Exploits: 0 | References: 4