Siemens LOGO! CMR and SIMATIC RTU 3000
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: LOGO! CMR2020, LOGO! CMR2040 and SIMATIC RTU 3000 family Vulnerabilities: Incorrect Calculation of Buffer Size, Improper Certificate Validation 2. RISK EVALUATION Successful...
Siemens Desigo CC Family
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Desigo CC Family Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform remote code...
Inefficient Regular Expression Complexity in yiminghe/async-validator
✍️ Description It allows an attacker to cause a denial of service when validating crafted invalid URLs. 🕵️♂️ Proof of Concept // PoC.js var asyncValidator = require("async-validator"); const validator = new asyncValidator.default({ v: { type: 'url' } }); for (var i = 1; i <= 50000; i++) { var time = Date.now(); var attackstr =...
Inefficient Regular Expression Complexity in prismjs/prism
✍️ Description The prismjs package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide a crafted HTML comment as input may cause an application to consume an excessive amount of CPU. The pinned line below uses the vulnerable regex. 🕵️♂️ Proof of Concept...
Inefficient Regular Expression Complexity in chalk/ansi-regex
✍️ Description It allows an attacker to cause a denial of service when matching crafted invalid ANSI escape codes. 🕵️♂️ Proof of Concept // PoC.mjs import ansiRegex from 'ansi-regex'; for (var i = 1; i <= 50000; i++) { var time = Date.now(); var attackstr = "\u001B" + ";".repeat(i * 10000); ansiRegex().test(attackstr); var timecost...
Inefficient Regular Expression Complexity in daaku/nodejs-tmpl
✍️ Description It allows an attacker to cause a denial of service when formatting a crafted string. 🕵️♂️ Proof of Concept // PoC.js var tmpl = require("tmpl"); for (var i = 1; i <= 50000; i++) { var time = Date.now(); var attackstr = "" + "".repeat(i * 10000) + "answer"; tmpl(attackstr, { answer: 42 }); var timecost = Date.now() - time;...
The pitfalls of relying only on your ISP for DDoS protection
Relying on your Internet Service Provider ISP for DDoS protection is like going to a restaurant known for the freshest, tastiest seafood and ordering beef. Sure, they have it on the menu and they are happy to sell it to you, but the experience is not likely to compare well to what you’d have in a...
Inefficient Regular Expression Complexity in x-neuron/antdfront
✍️ Description A ReDoS (regular expression denial of service) flaw was found in the antdFront package. An attacker that is able to provide crafted input to the isUrl(input) function may cause an application to consume an excessive amount of CPU. 🕵️♂️ Proof of Concept Create the following poc.mjs //...
in apolloconfig/apollo
✍️ Description The application does not enforce any password complexity control. It is possible to add a user with a single-character password in the application. 🕵️♂️ Proof of Concept Adding the user. POST /users HTTP/1.1 Host: xxx.xxx.xxx.xxx Content-Length: 63 Accept: application/json,...
axios Inefficient Regular Expression Complexity vulnerability
axios before v0.21.2 is vulnerable to Inefficient Regular Expression Complexity...
CVE-2021-22003
VMware Workspace ONE Access and Identity Manager unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and...
Default credentials
VMware Workspace ONE Access and Identity Manager unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and...
CVE-2021-3749
axios is vulnerable to Inefficient Regular Expression Complexity...
DEBIAN-CVE-2021-3749
axios is vulnerable to Inefficient Regular Expression Complexity...
Design/Logic Flaw
axios is vulnerable to Inefficient Regular Expression Complexity...
CVE-2021-3749
CVE-2021-3749 affects the Axios package used by IBM Cloud Pak System and Node.js environments. It is a denial-of-service vulnerability: a regular-expression DoS in the trim function, exploitable by crafted input that causes high CPU usage. Remediation is to upgrade to fixed software; IBM Cloud Pa...