
6 matches found

OSV
added 2024/02/15 3:22 p.m., 1 views

GHSA-CC65-XXVF-F7R9 Scrapy vulnerable to ReDoS via XMLFeedSpider

Impact: The following parts of the Scrapy API were found to be vulnerable to a ReDoS attack:
- The XMLFeedSpider class or any subclass that uses the default node iterator: iternodes, as well as direct uses of the scrapy.utils.iterators.xmliter function.
- Scrapy 2.6.0 to 2.11.0: The openinbrowser...

CVSS 7.5, AI score 6.8, EPSS 0.00058
Exploits: 1, References: 8
NVD
added 2022/06/02 2:15 p.m., 13 views

CVE-2021-34083

Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format. When using the 'Open in browser' option in versions up to 1.6.2, google-it will unsafely concat the result's link retrieved from google to a shell command, potentially...

CVSS 9.3, EPSS 0.00649
Exploits: 1, References: 3
Cvelist
added 2022/06/01 2:31 p.m., 12 views

CVE-2021-34083

Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format. When using the 'Open in browser' option in versions up to 1.6.2, google-it will unsafely concat the result's link retrieved from google to a shell command, potentially...

AI score 8.2, EPSS 0.00649
Exploits: 1, References: 3
Qualys Blog
added 2018/01/05 7:10 p.m., 28 views

Qualys Cloud Platform 2.31 New Features

This release of the Qualys Cloud Platform version 2.31 includes updates and new features for AssetView, Cloud Agent, EC2 Connector, Web Application Scanning, Web Application Firewall, and Security Assessment Questionnaire, highlights as follows. AssetView Use custom severities in AV searches and...

AI score 6.9
Exploits: 0
securityvulns
added 2008/09/24 12:0 a.m., 24 views

newsbeuter shell characters vulnerability

Shell characters vulnerability on "open-in-browser" command...

CVSS 6.8, AI score 3.3, EPSS 0.00731
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2008/09/04 5:0 p.m., 38 views

CVE-2008-3907

The CVE-2008-3907 entry concerns Newsbeuter’s open-in-browser command. Affected software: Newsbeuter prior to version 1.1 (and discussed in GLSA 200809-12). Root cause: open-in-browser does not properly escape shell metacharacters in feed URLs before passing to system(), enabling remote execution...

CVSS 6.8, AI score 7.5, EPSS 0.00731
Exploits: 0, References: 8, Affected Software: 1