5078 matches found

Prion
added 2019/10/17 6:15 p.m. | 15 views

Cross site scripting

A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/userPreregistration.jsp. The preRegistrationData parameter is vulnerable: a reflected cross-site scriptin...

CVSS 4.3 | AI score 5.9 | EPSS 0.01659
Exploits 3 | References 3 | Affected Software 1

vulnersOsv
added 2019/10/15 8:6 p.m. | 10 views

0z_export (>=1.0.0 <=1.0.102), 1broker-positions-analyser (>=1.0.0 <=1.2.1) +5156 more potentially affected by CVE-2019-17592 via csv-parse (>=0.0.2 <=4.4.5)

csv-parse NPM version =0.0.2, =1.0.0, =1.0.0, =0.0.1, =1.0.0, =0.1.0, =4.2.0, =1.0.0, =7.2.1, =1.0.0, =1.0.0, =0.1.0, =0.0.1, =0.0.3 and more Source cves: CVE-2019-17592 Source advisory: OSV:GHSA-582F-P4PG-XC74...

CVSS 7.5 | AI score 7.2 | EPSS 0.02276
Exploits 0

OSV
added 2019/10/15 8:6 p.m. | 2 views

GHSA-582F-P4PG-XC74 Regular Expression Denial of Service in csv-parse

Versions of csv-parse prior to 4.4.6 are vulnerable to Regular Expression Denial of Service. The isInt function contains a malformed regular expression that processes large specially-crafted input very slowly, leading to a Denial of Service. This is triggered when using the cast option...

CVSS 7.5 | AI score 5.9 | EPSS 0.02276
Exploits 0 | References 6

Github Security Blog
added 2019/10/15 8:6 p.m. | 36 views

Regular Expression Denial of Service in csv-parse

Versions of csv-parse prior to 4.4.6 are vulnerable to Regular Expression Denial of Service. The isInt function contains a malformed regular expression that processes large specially-crafted input very slowly, leading to a Denial of Service. This is triggered when using the cast option...

CVSS 7.5 | AI score 5.2 | EPSS 0.02276
Exploits 0 | References 6 | Affected Software 1

OSV
added 2019/10/14 8:15 p.m. | 22 views

CVE-2019-17592

The csv-parse module before 4.4.6 for Node.js is vulnerable to Regular Expression Denial of Service. The isInt function contains a malformed regular expression that processes large crafted input very slowly. This is triggered when using the cast option...

CVSS 7.5 | AI score 7.7
Exploits 0 | References 4

NVD
added 2019/10/14 8:15 p.m. | 16 views

CVE-2019-17592

The csv-parse module before 4.4.6 for Node.js is vulnerable to Regular Expression Denial of Service. The isInt function contains a malformed regular expression that processes large crafted input very slowly. This is triggered when using the cast option...

CVSS 7.5 | AI score 7.5 | EPSS 0.02276
Exploits 0 | References 4

Prion
added 2019/10/14 8:15 p.m. | 16 views

Design/Logic Flaw

The csv-parse module before 4.4.6 for Node.js is vulnerable to Regular Expression Denial of Service. The isInt function contains a malformed regular expression that processes large crafted input very slowly. This is triggered when using the cast option...

CVSS 5 | AI score 7.4 | EPSS 0.02276
Exploits 0 | References 4 | Affected Software 2

Cvelist
added 2019/10/14 7:59 p.m. | 33 views

CVE-2019-17592

The csv-parse module before 4.4.6 for Node.js is vulnerable to Regular Expression Denial of Service. The isInt function contains a malformed regular expression that processes large crafted input very slowly. This is triggered when using the cast option...

AI score 7.6 | EPSS 0.02276
Exploits 0 | References 4

CVE
added 2019/10/14 7:59 p.m. | 120 views

CVE-2019-17592

CVE-2019-17592 affects Node.js csv-parse prior to 4.4.6, where a malformed regular expression in the __isInt() function under the cast option enables a Denial of Service with crafted input. The vulnerability is tied to the csv-parse module, with CVSS v3.1 base score 7.5 (high) and CVSS v2 base sc...

CVSS 7.5 | AI score 7.3 | EPSS 0.02276
Exploits 0 | References 4 | Affected Software 1

WPVulnDB
added 2019/10/07 12:0 a.m. | 10 views

Export Users to CSV < 1.4 - Unauthorised CSV Access

The plugin exports a CSV file containing sensitive user data. The generated files are stored in a public directory with a predictable filename based on a Unix timestamp. CSV files are discoverable either through enumeration or path traversal. Export Users to CSV does not provide visibility over...

AI score 1.8
Exploits 0 | References 1 | Affected Software 1

OpenVAS
added 2019/10/04 12:0 a.m. | 103 views

Fedora Update for phpMyAdmin FEDORA-2019-3b5a7abe17

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 6.5 | AI score 6.9 | EPSS 0.10182
Exploits 5 | References 2

Microsoft KB
added 2019/10/03 12:0 a.m. | 16 views

September 24, 2019—KB4516041 (Preview of Monthly Rollup)

September 24, 2019—KB4516041 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were a part of KB4516067 released September 10, 2019 and also includes these new quality improvements as a preview of the next Monthly Rollup update: Address...

AI score 7
Exploits 0

Fedora
added 2019/10/02 1:41 a.m. | 25 views

[SECURITY] Fedora 29 Update: phpMyAdmin-4.9.1-1.fc29

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...

CVSS 6.5 | AI score 1.3 | EPSS 0.10182
Exploits 5

Prion
added 2019/10/01 3:15 p.m. | 14 views

Privilege escalation

Pivotal Application Manager, versions 666.0.x prior to 666.0.36, versions 667.0.x prior to 667.0.22, versions 668.0.x prior to 668.0.21, versions 669.0.x prior to 669.0.13, and versions 670.0.x prior to 670.0.7, contain a vulnerability where a remote authenticated user can create an app with a na...

CVSS 4 | AI score 4.7 | EPSS 0.01068
Exploits 0 | References 1 | Affected Software 2

CVE
added 2019/10/01 2:17 p.m. | 68 views

CVE-2019-11275

CVE-2019-11275 affects Pivotal Application Manager (versions 666.0.x before 666.0.36, 667.0.x before 667.0.22, 668.0.x before 668.0.21, 669.0.x before 669.0.13, and 670.0.x before 670.0.7). A remote authenticated user can create an app with a name that a CSV program may interpret as a formula, le...

CVSS 4.3 | AI score 4.3 | EPSS 0.01068
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2019/10/01 2:17 p.m. | 24 views

CVE-2019-11275 CSV Injection in usage report downloaded from Pivotal Application Manager

Pivotal Application Manager, versions 666.0.x prior to 666.0.36, versions 667.0.x prior to 667.0.22, versions 668.0.x prior to 668.0.21, versions 669.0.x prior to 669.0.13, and versions 670.0.x prior to 670.0.7, contain a vulnerability where a remote authenticated user can create an app with a na...

CVSS 3.5 | AI score 4.6 | EPSS 0.01068
Exploits 0 | References 1

Qualys Blog
added 2019/09/23 2:56 p.m. | 101 views

Empower your Cloud Ops Teams – Publish Qualys CloudView Security Assessment Reports to their Slack Channel

In today’s constantly changing and evolving cloud environments, being able to quickly provide information on misconfigurations and security policy violations in your cloud accounts and assets has become a critical need to the success of your security operations. Many cloud platforms offer tools...

AI score 7
Exploits 0

Veracode
added 2019/09/20 3:1 a.m. | 20 views

Regular Expression Denial Of Service (ReDoS)

csv-parse is vulnerable to regular expression (regex) denial of service. The isInt function contains a malformed regular expression when using the cast option. The regex processes large malicious input slowly which can potentially lead to an application crash...

CVSS 7.5 | AI score 3.3 | EPSS 0.02276
Exploits 0 | References 5 | Affected Software 1

Symantec
added 2019/09/18 12:0 a.m. | 36 views

Npmjs 'csv-parse' Module CVE-2019-17592 Denial of Service Vulnerability

Description Npmjs 'csv-parse' module is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition. Versions prior to csv-parse module 4.4.6 are vulnerable; other versions may also be affected. Technologies Affected Npmjs csv-parse 0.1.0...

AI score 1.4 | EPSS 0.02276
Exploits 0 | References 2 | Affected Software 1

Node.js
added 2019/09/17 6:16 p.m. | 24 views

Regular Expression Denial of Service

Overview Versions of csv-parse prior to 4.4.6 are vulnerable to Regular Expression Denial of Service. The isInt function contains a malformed regular expression that processes large specially-crafted input very slowly, leading to a Denial of Service. This is triggered when using the cast option...

CVSS 5 | AI score 4.9 | EPSS 0.02276
Exploits 0 | Affected Software 1