11641 matches found
Microsoft Input Method Editor 资源管理错误漏洞
Microsoft Input Method Editor IME is a software component from Microsoft Corporation that enables users to enter text in languages that cannot be easily represented on a standard QWERTY keyboard. A resource management error vulnerability exists in Microsoft Input Method Editor. An attacker could...
PT-2024-36561 · Nette · Nette Database
Name of the Vulnerable Software and Affected Versions: Nette Database versions 3.2.4 and earlier Description: The issue allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method. This occurs when there's an untrusted filter sent straight ...
Bit flip attack vulnerability in cookie-encrypter
due to a weakness in the encryption method used in cookie-encrypter an attack can use the world visible IV to edit encrypted cookies without decrypting the cookie itself. This is known as an AES CBC bit flipping attack...
CVE-2024-45760
Dell OpenManage Server Administrator (Dell OMSA) — affected: version 11.0.1.0 and prior. Vulnerability: improper access control allowing a remote, low-privilege user to perform unauthorized actions with elevated privileges via HTTP GET. Impact per sources: potential elevation of privilege; no exp...
Denial Of Service (DoS)
org.keycloak, keycloak-services is vulnerable to Denial Of Service DoS. The vulnerability is due to untrusted data passed to the SearchQueryUtils method, which allows an attacker to exploit Regex complexity and exhaust system resources...
CVE-2024-12254
A flaw was found in Python. In certain configurations, the asyncio.SelectorSocketTransport.writelines method fails to signal the protocol to clear the write buffer when it approaches capacity. Because of this, protocols would not periodically drain the write buffer, potentially leading to a denia...
CVE-2024-12254
Starting in Python 3.12.0, the asyncio.SelectorSocketTransport.writelines method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer...
CVE-2024-12254 Unbounded memory buffering in SelectorSocketTransport.writelines()
Starting in Python 3.12.0, the asyncio.SelectorSocketTransport.writelines method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer...
CVE-2024-12254
Starting in Python 3.12.0, the asyncio.SelectorSocketTransport.writelines method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer...
Django denial-of-service in django.utils.html.strip_tags()
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The striptags method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities...
PYSEC-2024-156
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The striptags method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities...
CVE-2024-53907
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The striptags method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities...
CVE-2024-53907
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The striptags method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities...
The vulnerability of the atob method in the universal monitoring system Zabbix allows attackers to compromise the integrity of the protected information.
The vulnerability of the atob method in the Zabbix universal monitoring system is related to access to a critical private variable through a publicly accessible method. Exploiting this vulnerability allows an attacker to compromise the integrity of the protected information...
CVE-2024-44854
Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component smoothPlan...
Progress Software WhatsUp Gold WriteDataFile Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the WriteDataFile method. The issue results from th...
CVE-2024-53907
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The striptags method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities...
Python 安全漏洞
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python 3.12.0 and later, which stems from the fact that the...
PT-2024-9309 · Dell · Dell Openmanage Server Administrator
Name of the Vulnerable Software and Affected Versions: Dell OpenManage Server Administrator versions 11.0.1.0 and prior Description: The issue is related to an improper access control vulnerability in the Dell OpenManage Server Administrator. This vulnerability can be exploited by a remote...
CVE-2024-53907
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The striptags method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities...