3627 matches found
Delta Electronics CNCSoft
1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow information disclosure or an application crash. 3. TECHNICAL DETAILS 3.1...
Siemens Simcenter STAR-CCM+ Viewer
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Simcenter STAR-CCM+ Viewer Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to a crash, arbitrary code execution, or data extraction. 3...
Siemens JTTK and JT Utilities
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: JTTK and JT Utilities Vulnerabilities: Out-of-bounds Write, Use after Free, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead the application to crash or...
What is Code Obfuscation?
Introduction The hazards of hacking and its corresponding disasters have become so precarious that the developers and organizations take utmost care to lessen their occurrence and the impact. Code obfuscation is one such strategic move that, when performed, keeps administered codes away from the...
Inefficient Regular Expression Complexity in nltk/nltk
Description nltk is vulnerable to a ReDoS attack because of the ^-?0-9+.0-9+?$ regex. If an attacker succeeds in using a malicious payload against RegexpTagger used in function getpostagger and maltregextagger, it will cause a nasty DoS. Proof of Concept // PoC.py import re, time pattern =...
Schneider Electric SESU
1. EXECUTIVE SUMMARY CVSS v3 3.8 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: Schneider Electric Software Update SESU Vulnerability: Insufficient Entropy 2. RISK EVALUATION Successful exploitation of this vulnerability could cause unintended connection from an internal...
Password usage analysis of brute force attacks on honeypot servers
As Microsoft’s Head of Deception, Ross Bevington is responsible for setting up and maintaining honeypots that look like legitimate systems and servers. Honeypot systems are designed to pose as an attractive target for attackers. Sometimes they are left vulnerable to create a controllable and safe...
Philips MRI 1.5T and 3T (Update A)
1. EXECUTIVE SUMMARY CVSS v3 6.2 ATTENTION: Low attack complexity Vendor: Philips Equipment: MRI 1.5T and 3T Vulnerabilities: Improper Access Control, Incorrect Ownership Assignment, Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of these...
The vulnerability of the microprogrammed logic controller ioLogik software, related to insufficient requirements for password complexity, allows a hacker to obtain user passwords by brute-force methods.
The vulnerability of the microprogrammed logic controller ioLogik software is related to insufficient requirements for the complexity of passwords. Exploiting this vulnerability allows a malicious actor to manually select user passwords using brute-force methods...
GHSA-XX4C-JJ58-R7X6 Inefficient Regular Expression Complexity in Validator.js
Impact Versions of validator prior to 13.7.0 are affected by an inefficient Regular Expression complexity when using the rtrim and trim sanitizers. Patches The problem has been patched in validator 13.7.0...
python-pygments: ReDoS in multiple lexers
A denial of service attack was discovered against pygments. Some of the regular expressions used to tokenise source code for highlighting have exponential complexity. A specially crafted input file could cause pygments to take effectively infinite time to parse, consuming CPU resources and denyin...
Inefficient Regular Expression Complexity in validator.js
validator.js prior to 13.7.0 is vulnerable to Inefficient Regular Expression Complexity...
CVE-2021-3765
validator.js is vulnerable to Inefficient Regular Expression Complexity...
UBUNTU-CVE-2021-3765
validator.js is vulnerable to Inefficient Regular Expression Complexity...
CVE-2021-3765
CVE-2021-3765 (validator.js) is described in the provided materials as a regular expression denial of service (ReDoS) vulnerability. The technical detail mentioned is a vulnerability in validator.js related to inefficient regular expression complexity, specifically a ReDoS condition triggered by ...
CVE-2021-3765
Removed by vendor...
Exploit for Code Injection in Gitlab
This is a PoC exploit for CVE-2021-22205, a Gitlab CE/EE RCE Re...