
9245 matches found

OSV
added 2024/11/08 5:15 a.m. · 1 view

AZL-52551 CVE-2024-21538 affecting package nodejs18 for versions less than 18.20.3-2

Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string...

8.7 CVSS · 6.7 AI score · 0.00067 EPSS
Exploits: 0 · References: 1
OSV
added 2024/11/08 5:15 a.m. · 2 views

AZL-52548 CVE-2024-21538 affecting package js-jquery 3.5.0-4

Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string...

8.7 CVSS · 6.7 AI score · 0.00067 EPSS
Exploits: 0 · References: 1
CVE
added 2024/11/08 5:00 a.m. · 440 views

CVE-2024-21538

CVE-2024-21538 affects the cross-spawn package. The NVD description notes a ReDoS vulnerability caused by improper input sanitization, enabling an attacker to drive high CPU usage and crash the process with crafted input. Affected versions are cross-spawn before 6.0.6, and between 7.0.0 and befor...

8.7 CVSS · 6.1 AI score · 0.00067 EPSS
Exploits: 0 · References: 5
NVD
added 2024/11/07 6:15 p.m. · 10 views

CVE-2019-20459

An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. With the SNMPv1 public community, all values can be read, and with the epson community, all the changeable values can be written/updated, as demonstrated by permanently disabling the network card or changing the DNS...

8.4 CVSS · 0.00037 EPSS
Exploits: 0 · References: 3
NVD
added 2024/11/07 6:15 p.m. · 19 views

CVE-2019-20458

An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. By default, the device comes and functions without a password. The user is at no point prompted to set up a password on the device leaving a number of devices without a password. In this case, anyone connecting to the we...

8.8 CVSS · 0.00044 EPSS
Exploits: 0 · References: 3
Veracode
added 2024/11/07 11:44 a.m. · 7 views

Regular Expression Denial Of Service (ReDoS)

rexml is vulnerable to a Regular Expression Denial of Service ReDoS vulnerability. The vulnerability is due to inefficient regular expression handling when parsing XML inputs that contain a large number of digits in hex numeric character references &#x...;, allows an attacker to craft inputs that...

8.7 CVSS · 7 AI score · 0.01645 EPSS
Exploits: 0 · References: 8 · Affected Software: 3
Veracode
added 2024/11/07 10:43 a.m. · 425 views

Regular Expression Denial Of Service (ReDoS)

Useragent is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to ReDoS caused by the presence of regular expressions that can be exploited to cause high CPU usage, leading to denial of service...

8.7 CVSS · 6.9 AI score · 0.00122 EPSS
Exploits: 1 · References: 6 · Affected Software: 1
RedHat Linux
added 2024/11/07 3:26 a.m. · 4 views

python: cpython: tarfile: ReDos via excessive backtracking while parsing header values

A regular expression denial of service ReDos vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive...

7.5 CVSS · 7.2 AI score · 0.03014 EPSS
Exploits: 2 · References: 7
Vulnrichment
added 2024/11/07 12:00 a.m. · 12 views

CVE-2019-20460

An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. POST requests don't require anti-CSRF tokens or other mechanisms for validating that the request is from a legitimate source. In addition, CSRF attacks can be used to send text directly to the RAW printer interface. For...

6.9 AI score · 0.00038 EPSS
Exploits: 0 · References: 2
Cvelist
added 2024/11/07 12:00 a.m. · 16 views

CVE-2019-20460

An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. POST requests don't require anti-CSRF tokens or other mechanisms for validating that the request is from a legitimate source. In addition, CSRF attacks can be used to send text directly to the RAW printer interface. For...

0.00038 EPSS
Exploits: 0 · References: 2
Cvelist
added 2024/11/07 12:00 a.m. · 16 views

CVE-2019-20458

An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. By default, the device comes and functions without a password. The user is at no point prompted to set up a password on the device leaving a number of devices without a password. In this case, anyone connecting to the we...

0.00044 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2024/11/07 12:00 a.m. · 3 views

PT-2024-10734 · Epson · Epson Expression Home Xp255

Name of the Vulnerable Software and Affected Versions: Epson Expression Home XP255 version 20.08.FM10I8 Description: An issue was discovered where the device comes without a password and the user is not prompted to set one up, allowing anyone to access the web admin panel and become admin without...

8.8 CVSS · 7.1 AI score · 0.00044 EPSS
Exploits: 0 · References: 16
CVE
added 2024/11/07 12:00 a.m. · 42 views

CVE-2019-20460

Affects Epson Expression Home XP255 20.08.FM10I8. Root cause: POST to RAW printer interface lacks CSRF validation, enabling CSRF attacks to send text to the RAW interface and potentially print unwanted content. Impact is described as high (C/H/I/A) per CVSS 3.1. Remediation available in connected...

8.8 CVSS · 7.2 AI score · 0.00038 EPSS
Exploits: 0 · References: 3
Tenable Nessus
added 2024/11/07 12:00 a.m. · 9 views

RHEL 8 : python39:3.9 (RHSA-2024:6915)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6915 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

5.9 CVSS · 7.1 AI score · 0.00513 EPSS
Exploits: 1 · References: 7
CVE
added 2024/11/07 12:00 a.m. · 50 views

CVE-2019-20458

CVE-2019-20458 affects Epson Expression Home XP255 (version 20.08.FM10I8). The root cause is that the device ships with no password and does not prompt the user to set one, enabling anyone who can reach the web admin panel to gain admin privileges. Public sources corroborate that this results in ...

8.8 CVSS · 7.3 AI score · 0.00044 EPSS
Exploits: 0 · References: 3
Vulnrichment
added 2024/11/07 12:00 a.m. · 11 views

CVE-2019-20458

An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. By default, the device comes and functions without a password. The user is at no point prompted to set up a password on the device leaving a number of devices without a password. In this case, anyone connecting to the we...

7.1 AI score · 0.00044 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2024/11/07 12:00 a.m. · 9 views

CVE-2019-20459

An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. With the SNMPv1 public community, all values can be read, and with the epson community, all the changeable values can be written/updated, as demonstrated by permanently disabling the network card or changing the DNS...

7 AI score · 0.00037 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2024/11/06 9:00 p.m. · 14 views

CVE-2024-50343 Incorrect response from Validator when input ends with `\n` in symfony/validator

symfony/validator is a module for the Symfony PHP framework which provides tools to validate values. It is possible to trick a Validator configured with a regular expression using the $ metacharacters, with an input ending with \n. Symfony as of versions 5.4.43, 6.4.11, and 7.1.4 now uses the D...

3.1 CVSS · 6.9 AI score · 0.00246 EPSS
Exploits: 0 · References: 2
CVE
added 2024/11/06 9:00 p.m. · 61 views

CVE-2024-50343

CVE-2024-50343 affects the Symfony PHP framework’s validator component (symfony/validator). An input ending with a newline could bypass validation when using regular expressions configured with the $ metacharacter; Symfony versions 5.4.43, 6.4.11, and 7.1.4 now apply the D modifier to ensure the ...

3.1 CVSS · 3.5 AI score · 0.00246 EPSS
Exploits: 0 · References: 3
CNNVD
added 2024/11/06 12:00 a.m. · 1 view

Symfony Input Validation Error Vulnerability

Symfony is a PHP framework for web and console applications and a set of reusable PHP components from Symfony, Inc. An input validation error vulnerability exists in Symfony. An attacker could use this vulnerability to spoof a "Validator" configured with a regular expression using the "$"...

3.1 CVSS · 4.3 AI score · 0.00246 EPSS
Exploits: 0 · References: 3