2272 matches found
Fedora: Security Advisory for kxstitch (FEDORA-2021-df1fa3d3e0)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Use-After-Free
busybox is vulnerable to use-after-free vulnerability. A remote unauthenticated attacker could craft an awk pattern and send to the evaluate function resulting in a system hang...
Denial Of Service (DoS)
busybox is vulnerable to denial of service. An attacker can cause an application crash by providing a crafted awk pattern through the getvars function...
Denial Of Service (DoS)
busybox is vulnerable to denial of service. The vulnerability exists because it does not properly sanitize while processing a crafted awk pattern in the clrvar function which causes an application crash...
EulerOS 2.0 SP9 : cpio (EulerOS-SA-2021-2681)
According to the versions of the cpio package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that...
Main Swap.sol does not implement transfer-accept ownership pattern
Handle elprofesor Vulnerability details Impact Swap.sol inherits ownerpausable which inherits from Open Zep Ownable. This ownable contract allows for the transfer of ownership without validating that own address is a valid address in control of some expected recipient. If this function is used...
InvestorDistribution uses setAdmin anti-pattern
Handle elprofesor Vulnerability details Impact InvestorDistriubtion.sol uses a setAdmin function which directly sets privileged user accounts to a set value. If this function is used incorrectly or by accident, the admin user may be lost or set to a malicious account. Recommended Mitigation Steps...
python-jinja2: ReDoS vulnerability in the urlize filter
A flaw was found in python-jinja2. The ReDOS vulnerability of the regex is mainly due to the sub-pattern a-zA-Z0-9.-+.a-zA-Z0-9.-+. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory...
python-jinja2: ReDoS vulnerability in the urlize filter
A flaw was found in python-jinja2. The ReDOS vulnerability of the regex is mainly due to the sub-pattern a-zA-Z0-9.-+.a-zA-Z0-9.-+. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory...
python-pillow: Regular expression DoS in PDF format parser
A flaw was found in python-pillow. The PDF parser has a catastrophic backtracking regex that could be used as a DOS attack...
Moderate: python-jinja2 security update
The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fixes: python-jinja2: ReDoS vulnerability due to the sub-pattern CVE-2020-28493 For...
OESA-2021-1416 springframework security update
The spring is based on code pubilshed in Expert One-on-One J2EE Design and Dvelopment by Rod Johnson Wrox, 2002.it is a layered Java/J2ee application framework. Security Fixes: Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mapping...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via an apache log with a certain pattern of string that can take a long time matching the expression. Note: This only affects the parserapache2 plugin of the package. Details Denial of Service...
ConcentratedLiquidityPoolManager: reclaimIncentive() does not decrement rewardsUnclaimed
Handle hickuphh3 Vulnerability details Impact reclaimIncentive withdraws any unclaimed rewards to the incentive owner. While there is a check to prevent re-claiming of rewards requireincentive.rewardsUnclaimed = amount, "ALREADYCLAIMED"; it is ineffective because incentive.rewardsUnclaimed is not...
PT-2021-23098 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to the fix of the regression introduced during TYPO3 v11 development Description: The issue is related to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses this header to generate absolute URLs,...
Regular Expression Denial Of Service (ReDoS)
prompts is vulnerable to regular expression denial of service. The use of an inefficient regex pattern for strip allows an attacker to input a malicious string, leading to an application crash...
Regular Expression Denial Of Service (ReDoS)
soap is vulnerable to regular expression denial of service. The use of an inefficient regex pattern for match in handleResponse function of http.js allows a malicious user to crash the application by providing a malicious input...
[SECURITY] Fedora 35 Update: haproxy-2.4.4-1.fc35
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...
Inefficient Regular Expression Complexity in trentm/python-markdown2
Description I would like to report a Regular Expression Denial of Service ReDoS vulnerability in markdown2. The ReDoS vulnerability is mainly due to the sub-pattern with quantified overlapping adjacency and can be exploited with the following code. Proof of Concept // PoC.py import markdown2 from...
Updated cpio packages fix security vulnerability
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. CVE-2021-38185...