dotnet: DenialOfService - ASP.NET Core MVC vulnerable to stack overflow via ModelStateDictionary recursion.

.NET Core and Visual Studio Denial of Service Vulnerability...

RHEL 7 : rh-mysql80-mysql (RHSA-2022:6518)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6518 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The...

Pict - Post-Infection Collection Toolkit

This set of scripts is designed to collect a variety of data from an endpoint thought to be infected, to facilitate the incident response process. This data should not be considered to be a full forensic data collection, but does capture a lot of useful forensic information. If you want true...

[SECURITY] Fedora 36 Update: golang-github-facebookincubator-nvdtools-0.1.4-6.fc36

A set of tools to work with the feeds vulnerabilities, CPE dictionary etc. distributed by National Vulnerability Database NVD...

IBM Spectrum Protect 8.1.0.000 < 8.1.15.000 Multiple Vulnerabilites

IBM Spectrum Protect, formerly known as Tivoli Storage Manager, running on the remote host is version 8.1.0.000 8.1.15.000. It is, therefore, is vulnerable to both: - An offline dictionary attack CVE-2022-22496 while a user account is being established for the IBM Spectrum Protect server if...

Django: SQL injection via QuerySet.explain(options) on PostgreSQL

A flaw was found in the Django package, leading to a SQL injection. This flaw allows an attacker using a crafted dictionary containing malicious SQL queries to compromise the database completely...

[SECURITY] Fedora 35 Update: golang-github-facebookincubator-nvdtools-0.1.4-5.fc35

A set of tools to work with the feeds vulnerabilities, CPE dictionary etc. distributed by National Vulnerability Database NVD...

glance 路径遍历漏洞

glance is a dictionary visualization repository open source by nlpweb. glance 2014-06-27 version and earlier versions have a security vulnerability , the vulnerability stems from Flask's sendfile function call incorrectly leads to absolute path traversal...

GHSA-WPQR-JCPX-745R Incorrect handling of invalid surrogate pair characters

Impact What kind of vulnerability is it? Who is impacted? Anyone parsing JSON from an untrusted source is vulnerable. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupting strings, this allowed for potential key...

Incorrect handling of invalid surrogate pair characters

Impact What kind of vulnerability is it? Who is impacted? Anyone parsing JSON from an untrusted source is vulnerable. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupting strings, this allowed for potential key...

UltraJSON 安全漏洞

UltraJSON is an open source, ultra-fast JSON encoder and decoder written in pure C and bundled with Python 3.7+. A security vulnerability exists in versions of UltraJSON prior to 5.4.0, which stems from an inability to properly decode certain characters, allowing for potential key obfuscation and...

PT-2022-5174 · Oracle +5 · Mysql Server +4

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.28 and prior Description: The issue is related to insufficient input validation in the MySQL Server product, specifically in the Server: Data Dictionary component. This allows a high-privileged attacker with network...

CVE-2021-41995

A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass...

CVE-2021-41995

A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass...

CVE-2021-41995 PingID Mac Login prior to 1.1 vulnerable to pre-computed dictionary attacks

A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass...

CVE-2021-41995

PingID Mac Login prior to 1.1 is affected by an RSA misconfiguration that enables pre-computed dictionary attacks, allowing offline MFA bypass. Affected product: PingID Mac Login; vulnerable versions are

CVE-2022-22496

While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942...

Code injection

While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942...

CVE-2022-22496

While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942...

CVE-2022-22496

CVE-2022-22496 affects IBM Spectrum Protect Server 8.1.0.000–8.1.14 when a user account is being established and the installation is configured with SESSIONSECURITY=TRANSITIONAL. In this mode, it is susceptible to an offline dictionary attack that could expose credentials. The issue is documented...