2277 matches found
Regular Expression Denial Of Service (ReDoS)
eth-account is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern used for the TYPE_REGEX attribute in the validate_types_attribute function of validation.py, allowing an attacker to stall the application (catastrophic backtracking) by providing a malicious input...
CLSA-2022-1661174726 Fixed CVE-2022-2581 in vim
CVE-2022-2581: fix illegal memory access when pattern starts with illegal byte...
Trend Micro Endpoint security products for enterprises vulnerable to Link Following Local Privilege Escalation
Overview Trend Micro Incorporated has released security updates for Endpoint security products for enterprises. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN. Impact A non-administrative user of the system where the affected product...
Fixed CVE-2022-2581 in vim
CVE-2022-2581: fix illegal memory access when pattern starts with illegal byte...
CLSA-2022-1660762683 Fixed CVE-2022-2581 in vim
CVE-2022-2581: fix illegal memory access when pattern starts with illegal byte...
[SECURITY] Fedora 36 Update: python-yara-4.2.0-5.fc36
Python binding for the YARA pattern matching tool. YARA is a tool aimed at but not limited to helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families or whatever you want to describe based on textual or binary patterns. Each...
go-restful: Authorization Bypass Through User-Controlled Key
A flaw was found in the CORS Filter feature of the go-restful package. When a request carries an Origin that is in AllowedDomains, every origin starting with the same pattern is also accepted, because the comparison is not anchored to the full origin. This issue could allow an attacker to break the CORS policy by allowing any page to make requests and retrieve data...
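The following Go program is an added illustration of the matching flaw described above; it is not go-restful's own code. The function names (`weakOriginAllowed`, `strictOriginAllowed`, `patternOriginAllowed`), the allow-list `allowedOrigins` and the probe origins are all constructed for the example. It contrasts a prefix comparison, which accepts `https://app.example.com.attacker.net` once `https://app.example.com` is allowed, with a whole-origin comparison and with an anchored-pattern variant for operators who want wildcard subdomains.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// allowedOrigins is a constructed allow-list, as an operator might configure it
// for a CORS filter. Entries are full origins: scheme://host[:port].
var allowedOrigins = []string{"https://app.example.com"}

// weakOriginAllowed reproduces the class of bug described in the advisory:
// the Origin header only has to *start with* an allowed entry, so any domain
// that appends further labels (or a port) to an allowed origin is accepted.
func weakOriginAllowed(origin string) bool {
	for _, d := range allowedOrigins {
		if strings.HasPrefix(origin, d) {
			return true
		}
	}
	return false
}

// strictOriginAllowed compares the whole origin for equality. Hostnames are
// case-insensitive, so EqualFold is used; nothing may be prepended or appended.
func strictOriginAllowed(origin string) bool {
	for _, d := range allowedOrigins {
		if strings.EqualFold(origin, d) {
			return true
		}
	}
	return false
}

// patternOriginAllowed supports regex entries (e.g. optional subdomains) while
// still anchoring every pattern to the full origin with ^...$, so
// "app.example.com" cannot match "app.example.com.attacker.net".
func patternOriginAllowed(origin string, patterns []string) (bool, error) {
	for _, p := range patterns {
		re, err := regexp.Compile("^(?:" + p + ")$")
		if err != nil {
			return false, err
		}
		if re.MatchString(origin) {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	// Constructed probe origins: the legitimate one, a look-alike that merely
	// starts with it, and the same host on a different port.
	probes := []string{
		"https://app.example.com",
		"https://app.example.com.attacker.net",
		"https://app.example.com:8443",
	}
	for _, o := range probes {
		fmt.Printf("%-40s weak=%-5v strict=%v\n", o, weakOriginAllowed(o), strictOriginAllowed(o))
	}
	ok, _ := patternOriginAllowed("https://app.example.com.attacker.net",
		[]string{`https://([a-z0-9-]+\.)?example\.com`})
	fmt.Println("anchored pattern accepts look-alike:", ok)
}
```

The practical check when reviewing a CORS implementation is to send an `Origin` header that has an allowed value as a prefix (extra labels, a port, or a different scheme appended) and confirm that `Access-Control-Allow-Origin` is not reflected for it.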
GHSA-VP56-6G26-6827 node-fetch Inefficient Regular Expression Complexity
node-fetch is a light-weight module that brings window.fetch to node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the isOriginPotentiallyTrustworthy function in referrer.js, when processing a URL string with alternating letters and periods,...
CVE-2022-36336
A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an...
Spoofing
A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an...
CVE-2022-36336
CVE-2022-36336 involves a local privilege-escalation in Trend Micro Apex One and Worry-Free Business Security agents caused by a link-following vulnerability in the scanning function. The available details identify the vulnerable component as the scanning service path in these products (notably t...
GHSA-VP68-FM96-7V79 Jenkins Android Signing Plugin allows attackers to check whether attacker-specified file patterns match workspace contents
Jenkins Android Signing Plugin 2.2.5 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace...
PT-2022-23313 · Trend Micro · Trend Micro Apex One +1
Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One affected versions not specified Worry-Free Business Security affected versions not specified Description: A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security...
CVE-2022-36915
Jenkins Android Signing Plugin 2.2.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace...
lambda_pattern (>=0.0.15 <=0.0.31), push2cloud-cli (>=1.0.0 <=2.0.3) +3 more potentially affected by CVE-2020-28422 via git-archive (=0.1.4)
git-archive NPM version =0.1.4 is affected by a known vulnerability. The following packages have a transitive dependency on git-archive and may be impacted: - lambda_pattern =0.0.15, =1.0.0, =1.0.0, =2.0.4 - push2cloud-compiler-rf =2.0.2 Source cves: CVE-2020-28422 Source advisory:...
kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak
The Linux kernel's TCP source port generation algorithm in the TCP stack contains a flaw due to the small table perturb size. This flaw allows an attacker to positively distinguish a system among devices with identical hardware and software, which lasts until the device restarts. An attacker can...
Reentrancy for function call before state update
Lines of code · Vulnerability details · Impact: An external call, "transfer", is made before the state update performed through "setFuses", and "setFuses" does not depend on any data returned by "transfer", so the state update could have been done first. Proof of Concept: Reentrancy is not only an effect of Ether transfer but of any function call on another...