3625 matches found

OpenVAS
added 2021/06/18 12:0 a.m., 6 views

Huawei Data Communication: Configuring Community Name Complexity Check

If SNMPv1 and SNMPv2 are used, the community complexity check function must be enabled. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

7.3 AI score
Exploits: 0
ICS
added 2021/06/15 12:0 a.m., 136 views

Automation Direct CLICK PLC CPU Modules

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Automation Direct Equipment: CLICK PLC CPU modules Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Cleartext Transmission of Sensitive Information, Unprotected Storage of...

9.8 CVSS, 9.6 AI score, 0.01039 EPSS
Exploits: 0, References: 5
OSV
added 2021/06/07 10:11 p.m., 19 views

GHSA-Q8PJ-2VQX-8GGC Denial of service in css-what

The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input...

7.5 CVSS, 7.5 AI score, 0.02267 EPSS
Exploits: 0, References: 6
RedhatCVE
added 2021/05/31 5:27 p.m., 25 views

CVE-2021-33587

A flaw was found in nodejs-css-what. The css-what package for Node.js does not ensure that attribute parsing has a Linear Time Complexity relative to the size of the input. The highest threat from this vulnerability is to system availability...

7.5 CVSS, 7.3 AI score, 0.02267 EPSS
Exploits: 0, References: 3
Veracode
added 2021/05/31 2:49 a.m., 26 views

Denial Of Service (DoS)

css-what is vulnerable to denial of service. The vulnerability exists due to the system not ensuring that the attribute handler has Linear Time Complexity (LTC) relative to the size of the input, causing the system to overload on the resource and crashing the system...

7.5 CVSS, 2.2 AI score, 0.02267 EPSS
Exploits: 0, References: 5, Affected Software: 2
OSV
added 2021/05/28 8:15 p.m., 17 views

CVE-2021-33587

The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input...

7.5 CVSS, 7.1 AI score
Exploits: 0, References: 3
UbuntuCve
added 2021/05/28 8:15 p.m., 33 views

CVE-2021-33587

The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input...

7.5 CVSS, 7.1 AI score, 0.02267 EPSS
Exploits: 0, References: 3
CVE
added 2021/05/28 12:0 a.m., 161 views

CVE-2021-33587

CVE-2021-33587 affects the css-what package for Node.js (versions 4.0.0 through 5.0.0). The vulnerability arises from non-linear attribute parsing, which could lead to degraded performance or availability impacts as input size grows. The connected IBM/OSS references note a fixed release, with the...

7.5 CVSS, 7.3 AI score, 0.02267 EPSS
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2021/05/28 12:0 a.m., 25 views

CVE-2021-33587

The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input...

7.8 AI score, 0.02267 EPSS
Exploits: 0, References: 3
Debian CVE
added 2021/05/28 12:0 a.m., 29 views

CVE-2021-33587

The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input...

7.5 CVSS, 7.7 AI score, 0.02267 EPSS
Exploits: 0
Veracode
added 2021/05/25 9:31 a.m., 9 views

Insecure Cryptographic Functions

github.com/moov-io/customers uses an insecure cryptographic function. An attacker is able to exploit the vulnerability by using a rainbow table attack on the system. The vulnerability exists due to a probability of a lack of uniqueness in the complexity of the hash function...

2.6 AI score
Exploits: 0
Tenable Nessus
added 2021/05/25 12:0 a.m., 29 views

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Exiv2 vulnerabilities (USN-4964-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4964-1 advisory. It was discovered that Exiv2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of...

7.8 CVSS, 6.8 AI score, 0.01677 EPSS
Exploits: 0, References: 6
RedhatCVE
added 2021/05/21 12:15 p.m., 43 views

CVE-2021-3563

A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified, allowing attackers to bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity...

7.4 CVSS, 5 AI score, 0.01272 EPSS
Exploits: 1, References: 4
Rapid7 Blog
added 2021/05/17 1:52 p.m., 43 views

How to Address the Current Complexity and Chaos of Cloud IAM

Cloudy judgement Combining the separate themes of cloud technology and identity access management (IAM) might seem like an oxymoron in today’s endlessly scaling environments, but there’s really no going back in the box when it comes to the promise of cloud in driving innovation. The fact is, securi...

6.6 AI score
Exploits: 0
ThreatPost
added 2021/05/13 3:39 p.m., 63 views

Beyond MFA: Rethinking the Authentication Key

You have to hand it to the cyber-thieves: They have proven extremely adept at defeating security measures once thought reliable. Case in point: multifactor authentication (MFA). While two-factor authentication (2FA) using push text notifications has become the de-facto standard for login security, ba...

5.9 AI score
Exploits: 0, References: 8
Rapid7 Blog
added 2021/05/07 2:0 p.m., 20 views

Rapid7's 2021 ICER Takeaways: Version Complexity Among the Fortune 500

This blog post covers key takeaways from our 2021 Industry Cyber-Exposure Report (ICER): Fortune 500. Original analysis for these findings was conducted by Bob Rudis. Complexity is the enemy when it comes to successful security outcomes in an organization. Diversity in systems, technologies, and...

6.8 AI score
Exploits: 0
Node.js
added 2021/05/06 4:15 p.m., 58 views

Regular Expression Denial of Service

Overview: hosted-git-info before versions 2.8.9 and 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity. Recommendation: Upgrade to...

5 CVSS, 4.7 AI score, 0.03612 EPSS
Exploits: 1, Affected Software: 1
Veracode
added 2021/05/05 5:46 a.m., 27 views

Regular Expression Denial Of Service (ReDoS)

path-parse is vulnerable to regular expression denial of service. An attacker is able to produce a denial of service condition in the application through worst-case time complexity via splitDeviceRe, splitTailRe and splitPathRe...

7.5 CVSS, 3.6 AI score, 0.02218 EPSS
Exploits: 1, References: 4, Affected Software: 5
RedhatCVE
added 2021/05/04 2:31 p.m., 45 views

CVE-2021-23343

A flaw was found in nodejs-path-parse. All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...

7.5 CVSS, 4.8 AI score, 0.02218 EPSS
Exploits: 1, References: 4
NVD
added 2021/05/04 9:15 a.m., 23 views

CVE-2021-23343

All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...

7.5 CVSS, 0.02218 EPSS
Exploits: 1, References: 4