2272 matches found

NVD
added 2021/12/23 8:15 p.m. · 13 views

CVE-2021-44540

A vulnerability was found in Privoxy which was fixed in get_url_spec_param by freeing memory of compiled pattern spec before bailing...

CVSS 7.5 · EPSS 0.0043
Exploits 0 · References 2
OSV
added 2021/12/23 8:15 p.m. · 1 views

UBUNTU-CVE-2021-44540

A vulnerability was found in Privoxy which was fixed in get_url_spec_param by freeing memory of compiled pattern spec before bailing...

CVSS 7.5 · AI score 7 · EPSS 0.0043
Exploits 0 · References 5
Debian CVE
added 2021/12/23 7:48 p.m. · 28 views

CVE-2021-44540

A vulnerability was found in Privoxy which was fixed in get_url_spec_param by freeing memory of compiled pattern spec before bailing...

CVSS 7.5 · AI score 7.4 · EPSS 0.0043
Exploits 0
AlpineLinux
added 2021/12/23 7:48 p.m. · 23 views

CVE-2021-44540

A vulnerability was found in Privoxy which was fixed in get_url_spec_param by freeing memory of compiled pattern spec before bailing...

CVSS 7.5 · AI score 7.4 · EPSS 0.0043
Exploits 0
Cvelist
added 2021/12/23 7:48 p.m. · 20 views

CVE-2021-44540

A vulnerability was found in Privoxy which was fixed in get_url_spec_param by freeing memory of compiled pattern spec before bailing...

AI score 7.6 · EPSS 0.0043
Exploits 0 · References 2
IBM Security Bulletins
added 2021/12/23 6:34 p.m. · 51 views

Security Bulletin: Multiple vulnerabilities in Apache log4j affect the IBM WebSphere Application Server which is shipped with IBM Intelligent Operations Center (CVE-2021-4104, CVE-2021-45046).

Summary: IBM WebSphere® Application Server is shipped with IBM® Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details: CVEID: CVE-2021-4104. DESCRIPTION: Apache Log4j could...

CVSS 10 · AI score 1.5 · EPSS 0.94358
Exploits 345 · Affected Software 2
IBM Security Bulletins
added 2021/12/23 2:51 a.m. · 63 views

Security Bulletin: Vulnerability in Apache Log4j affects IBM SPSS Analytic Server (CVE-2021-45105 and CVE-2021-45046)

Summary: There is a vulnerability in the version of Apache Log4j that was included in IBM SPSS Analytic Server. This vulnerability has been addressed. Vulnerability Details: CVEID: CVE-2021-45105. DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from...

CVSS 10 · AI score 0.5 · EPSS 0.94358
Exploits 346 · Affected Software 1
Huntr
added 2021/12/22 6:17 p.m. · 18 views

Inefficient Regular Expression Complexity in idank/explainshell

Description: In the latest version of explainshell (ebc5e9f2) I discovered a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). Proof of Concept: PoC based on code in explainshell/options.py. Python: import logging import re if __name__ == "__main__":...

AI score 0.7
Exploits 0 · References 1
CNVD
added 2021/12/20 12:0 a.m. · 37 views

Apache Log4j2 Denial of Service Vulnerability (CNVD-2021-101661)

Log4j is an open source project of Apache; using Log4j, you can direct log messages to the console, files, GUI components, and even socket servers, the NT event logger, and so on. A denial of service vulnerability exists in Apache Log4j2...

CVSS 5.9 · AI score 7.8 · EPSS 0.74016
Exploits 20 · References 1
OSV
added 2021/12/19 12:26 p.m. · 11 views

MGASA-2021-0566 Updated log4j packages fix security vulnerability

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context...

CVSS 9 · AI score 10 · EPSS 0.9434
Exploits 39 · References 4
Tenable Nessus
added 2021/12/18 12:0 a.m. · 75 views

Apache Log4j 2.x < 2.17.0 DoS

The version of Apache Log4j on the remote host is 2.x 2.3.1 / 2.13.2 / 2.17.0. It is, therefore, affected by a denial of service vulnerability. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. When the logging configuratio...

CVSS 5.9 · AI score 7.5 · EPSS 0.74016
Exploits 20 · References 3
CNNVD
added 2021/12/18 12:0 a.m. · 3 views

Apache Log4j Security Vulnerability

Log4j is an open source project of Apache; using Log4j, you can direct log messages to the console, files, GUI components, and even socket servers, the NT event logger, and so on. A denial of service vulnerability exists in Apache Log4j2...

CVSS 5.9 · AI score 7.1 · EPSS 0.74016
Exploits 20 · References 77
Tenable Nessus
added 2021/12/17 12:0 a.m. · 157 views

Apache Log4Shell CVE-2021-45046 Bypass Remote Code Execution

Binary data apachelog4shellCVE-2021-45056directcheck.nbin...

CVSS 9 · AI score 9.2 · EPSS 0.9434
Exploits 39 · References 4
IBM Security Bulletins
added 2021/12/15 5:13 a.m. · 37 views

Security Bulletin: App Connect Professional is affected by GNU C Library vulnerability

Summary: App Connect Professional has addressed the following vulnerability reported in GNU C Library. Vulnerability Details: CVEID: CVE-2021-35942. DESCRIPTION: GNU C Library (aka glibc) could allow a local attacker to obtain sensitive information, caused by a flaw when called with an untrusted,...

CVSS 9.1 · AI score 8.5 · EPSS 0.01407
Exploits 0 · Affected Software 1
Veracode
added 2021/12/15 12:30 a.m. · 128 views

Denial Of Service (DoS)

log4j-core is vulnerable to denial of service (DoS). The vulnerability exists because the previous mitigation for CVE-2021-44228 is incomplete in certain non-default configurations. An attacker can send malicious Thread Context Map (MDC) input data in JNDI Lookup pattern using a non-default Pattern...

CVSS 10 · AI score 2.8 · EPSS 0.94358
Exploits 344 · References 28 · Affected Software 20
OSV
added 2021/12/14 7:15 p.m. · 6 views

DEBIAN-CVE-2021-45046

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context...

CVSS 9 · AI score 8.1 · EPSS 0.9434
Exploits 39 · References 1
Cvelist
added 2021/12/14 4:55 p.m. · 34 views

CVE-2021-45046 Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context...

AI score 8.7 · EPSS 0.9434
Exploits 39 · References 21
OSV
added 2021/12/13 4:15 p.m. · 12 views

CVE-2021-39938

A vulnerable regular expression pattern in GitLab CE/EE since version 8.15 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to cause uncontrolled resource consumption leading to Denial of Service via specially crafted...

CVSS 6.5 · AI score 6.9 · EPSS 0.00138
Exploits 0 · References 2
Positive Technologies
added 2021/12/13 12:0 a.m. · 1 views

PT-2021-24127 · Privoxy +4

Name of the Vulnerable Software and Affected Versions: Privoxy (affected versions not specified). Description: A vulnerability was found in Privoxy, which was fixed by freeing the memory of the compiled pattern spec before bailing in the get_url_spec_param function. Recommendations: At the moment,...

CVSS 7.8 · AI score 7.5 · EPSS 0.02806
Exploits 0 · References 61
FreeBSD
added 2021/12/09 12:0 a.m. · 25 views

Privoxy -- Multiple vulnerabilities (memory leak, XSS)

Privoxy reports: cgi_error_no_template: Encode the template name to prevent XSS (cross-site scripting) when Privoxy is configured to serve the user-manual itself. Commit 0e668e9409c. OVE-20211102-0001. CVE-2021-44543. Reported by: Artem Ivanov. get_url_spec_param: Free memory of compiled pattern spec...

CVSS 7.5 · AI score 1.1 · EPSS 0.00633
Exploits 0 · References 1