9267 matches found
Spring Data Commons Remote Code Execution Vulnerability
Spring Data is a project module in the Spring Framework that provides access to the underlying data; Spring Data Commons is a shared base module. A remote code execution vulnerability exists in Spring Data Commons. The vulnerability is due to the Spring Data Commons module using SpEL expression...
Netwide Assembler Divide-by-Zero Vulnerability
Netwide Assembler (NASM) is a portable, modular 80x86 and x86-64 assembler. A divide-by-zero vulnerability exists in the expr5 function in asm/eval.c in Netwide Assembler (NASM) 2.14rc0. An attacker can exploit this vulnerability via a malformed input file to cause a divide-by-zero error...
LinkFinder - A Python Script That Finds Endpoints In JavaScript Files
LinkFinder is a Python script written to discover endpoints and their parameters in JavaScript files. This way penetration testers and bug hunters are able to gather new, hidden endpoints on the websites they are testing, resulting in new testing ground, possibly containing new vulnerabilities...
SUSE SLES12 Security Update : apache2 (SUSE-SU-2018:0879-1)
This update for apache2 fixes the following issues: - CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a 'Session' header, leading to unexpected behavior (bsc#1086814). -...
Regular Expression Denial Of Service (ReDoS)
sshpk is vulnerable to Regular Expression Denial of Service (ReDoS). Due to a weak regular expression used for public keys, attackers are able to pass a malicious public key string, leading to a huge performance slowdown...
FreeBSD : apache -- multiple vulnerabilities (f38187e7-2f6e-11e8-8f07-b499baebfeaf)
The Apache httpd reports: Out of bound write in mod_authnz_ldap with AuthLDAPCharsetConfig enabled (CVE-2017-15710) mod_session: CGI-like applications that intend to read from mod_session's 'SessionEnv ON' could be fooled into reading user-supplied data instead. (CVE-2018-1283) mod_cache_socache: Fix...
CVE-2017-15715
In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the...
mailman security update
3:2.1.15-26.1 - Related: 1545974 - Add import regular expression module 3:2.1.15-26 - Related: 1545974 - Bump release to make it higher than 7.5 3:2.1.15-24.2 - Resolves: 1545974 - Add sanitizer to mitigate XSS injection 3:2.1.15-24.1 - Resolves: 1545974 - Fix XSS vulnerability in web UI...
Design/Logic Flaw
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a...
CVE-2018-7537
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a...
CVE-2018-7537
The CVE-2018-7537 vulnerability affects Django versions prior to 2.0.3, 1.11 prior to 1.11.11, and 1.8 prior to 1.8.19, where passing html=True to Truncator.chars() and Truncator.words() causes catastrophic backtracking in a regex, impacting the truncatechars_html and truncatewords_html template ...
CVE-2017-18214
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055...
GHSA-325J-24F4-QV5X Regular Expression Denial of Service in ssri
Versions of ssri prior to 5.2.2 are vulnerable to regular expression denial of service (ReDoS) when using strict mode. Recommendation: Update to version 5.2.2 or later...
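Spring Data REST Remote Code Execution (CVE-2017-8046)
Vulnerability description: Spring Data REST has a high-severity RCE vulnerability when processing PATCH requests. A malicious PATCH request built from hand-crafted JSON data can be submitted to a spring-data-rest server, causing the server to run malicious Java code. The goal of the Spring Data REST project is to provide a flexible, configurable mechanism for writing simple services that can be exposed over HTTP. Git repository: https://github.com/spring-projects/spring-data-rest Vulnerability source: https://pivotal.io/security/cve-2017-8046 Affected versions: Spring...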
Information Exposure
Overview: django is a Python Web framework. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks. The django.utils.html.urlize function was extremely slow to evaluate certain inputs due to catastrophic backtracking in two regular expressions. The...
Regular Expression Denial of Service (ReDoS)
Overview: django is a Python Web framework. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due t...
GHSA-6JQP-J69Q-PM62 AWS Lambda parser is vulnerable to Regular Expression Denial of Service
index.js in the aws-lambda-multipart-parser NPM package before 0.1.2 has a Regular Expression Denial of Service (ReDoS) issue via a crafted multipart/form-data boundary string...