Vulnerability Descriptions in the New Version of the Security Update Guide
With the launch of the new version of the Security Update Guide, Microsoft is demonstrating its commitment to industry standards by describing the vulnerabilities with the Common Vulnerability Scoring System (CVSS). This is a precise method that describes the vulnerability with attributes such as t...
Three Cloud-First Akamai Initiatives for Your Cloud Journey
According to a 2020 State of the Cloud Report, 61% of organizations plan to focus on cloud migration this year and 93% have a multi-cloud strategy. This means that on average your organization is using 2.2 public clouds, multiplying your complexity and costs...
Huawei EulerOS: Security Advisory for perl-Email-Address (EulerOS-SA-2020-2104)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP3 : perl-Email-Address (EulerOS-SA-2020-2104)
According to the versions of the perl-Email-Address package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Algorithmic complexity vulnerability in Address.pm in the Email-Address module 1.908 and earlier for Perl allows remote attackers to...
Ubuntu 16.04 LTS / 18.04 LTS : Email-Address-List vulnerability (USN-4517-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4517-1 advisory. It was discovered that Email-Address-List does not properly parse email addresses during email-ingestion. A remote attacker could use this issue to...
USN-4517-1: Email-Address-List vulnerability
It was discovered that Email-Address-List does not properly parse email addresses during email-ingestion. A remote attacker could use this issue to cause an algorithmic complexity attack, resulting in a denial of service. CVE-2018-18898...
PT-2020-15490 · Jenkins · Jenkins Coverage/Complexity Scatter Plot Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Coverage/Complexity Scatter Plot Plugin versions 1.1.1 and earlier. Description: The issue results in a stored cross-site scripting (XSS) vulnerability. This occurs because the plugin does not escape the method information in tooltips,...
The vulnerability in the implementation of the TLS protocol in Cisco AsyncOS software for Cisco Email Security Appliances allows an attacker to induce a service failure.
The vulnerability of the TLS (Transport Layer Security) implementation in Cisco AsyncOS software for Cisco Email Security Appliances is related to algorithmic complexity. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
Web Application and API Protection -- From SQL Injection to Magecart
SQL injections were first discovered in 1998, and over 20 years later, they remain an unsolved challenge and an ongoing threat for every web application and API. The Open Web Application Security Project (OWASP) highlighted injection flaws in its Top 10 lists for both web application security risks...
PT-2023-11819 · Mholt · Papaparse
Name of the Vulnerable Software and Affected Versions: mholt PapaParse versions up to 5.1.x Description: A vulnerability was found in the file papaparse.js, leading to inefficient regular expression complexity. The issue is classified as problematic and affects an unknown function. Upgrading to...
Mitsubishi Electric Multiple Products (Update G)
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : Multiple products Vulnerability : Predictable Exact Value from Previous Values 2. RISK EVALUATION Successful exploitation of this vulnerability could be used...
Low: php72, php73
Issue Overview: The flaw is in phar_parse_zipfile of ext/phar/zip.c. When processing a PHP archive file (phar), if a persistent entry is used as defined in php.ini, then memory pointed to by the actual_alias pointer is freed. Directly after the free, the actual_alias pointer is passed to...
Dictionary Attacks
samba is vulnerable to dictionary attacks. The vulnerability exists in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail ...
Mitsubishi Electric Factory Automation Products Path Traversal (Update C)
1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: Mitsubishi Electric, Factory Automation products Vulnerability: Path Traversal 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled...
Large, Complex DDoS Attacks on the Rise in 2020
While we've highlighted both record PPS and BPS attacks mitigated on the Akamai Prolexic Platform over the past few weeks, these attacks are part of a broader trend of increasingly large and complex DDoS activity. We have seen clear indications across the industry of high-water mark DDoS attacks...
Authentication flaw
OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system that does not provide sufficient complexity to protect against brute force attacks, which may allow unauthorized users to access the system after no more than a fixed maximum number of attempts...
Huawei Data Communication: Configuring User Password Complexity Check
The system checks the password complexity when setting a user password...
OpenClinic GA Authorization Issue Vulnerability (CNVD-2021-17443)
OpenClinic GA is an open source hospital information management system. The system supports financial management, clinical management and laboratory management and other functions. An authorization issue vulnerability exists in OpenClinic GA versions 5.09.02 and 5.89.05b, which stems from the...
PT-2020-18334 · Github +4 · Github Flavored Markdown +4
Name of the Vulnerable Software and Affected Versions: GitHub Flavored Markdown versions prior to 0.29.0.gfm.1. Description: The issue is related to the time complexity of parsing certain markdown tables, which can take O(n * n) time. An attacker could craft a markdown table to cause a denial of...