18 matches found
CVE-2026-46741
Etsy::StatsD versions through 1.002002 for Perl allow metric injections. The metric names and values are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that the git repository contains an unreleased version with the...
CVE-2019-11389
An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with next at the beginning and nested repetition operators. NOTE: the...
EUVD-2021-2586
Malware in sbrugna...
CVE-2025-40911
Net::CIDR::Set versions 0.10 through 0.13 for Perl do not properly handle leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses. Leading zeros are used to indicate octal numbers, which can confuse users who are...
Improper Cache Management
github.com/MicahParks/jwkset is vulnerable to Improper Cache Management. The vulnerability is due to the provided HTTP client's local JWK Set cache failing to perform a full replacement during refresh operations. This allows outdated or revoked keys to remain in the cache, posing a security risk...
The vulnerability of the svc_supportassist utility in the operating system for managing and maintaining data storage in the Dell Unity Operating Environment allows a malicious actor to execute arbitrary commands with root privileges.
The vulnerability of the svc_supportassist utility in the operating environment for managing and maintaining data storage in the Dell Unity Operating Environment exists due to the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this...
The vulnerability of firmware in web panels for controlling and monitoring processes in industrial systems from PHOENIX CONTACT's WP 6xxx exists due to the lack of measures taken to neutralize special elements used in the operating system command. This vulnerability allows an intruder to gain unauthorized access to the device.
The vulnerability of firmware in web panels for controlling and monitoring processes in industrial systems exists due to the lack of measures taken to neutralize special elements used in the operating system command set. Exploiting this vulnerability can allow a malicious actor,...
Prototype Pollution
json-pointer is vulnerable to prototype pollution. The vulnerability exists in the set function of index.js, due to the improper checks for the tok variable which allows an attacker to modify object prototype attributes...
OESA-2022-2010 protobuf security update
Security Fixes: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via the MessageSet type, by allowing an attacker to send a specially crafted message with multiple key-value per elements, therefore creating parsing issues against services which receive unsanitized input. Details...
@dataparty/bouncer-model (>=1.0.1 <=1.4.0), @dataparty/dpc (>=0.1.0 <=0.4.14) +8 more potentially affected by CVE-2020-28276 via deep-set (=1.0.1)
deep-set NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on deep-set and may be impacted: - @dataparty/bouncer-model =1.0.1, =0.1.0, =0.1.1, =1.0.1, =0.1.0, =0.0.1, =2.2.0 - stalwart =0.1.0 Source cves: CVE-2020-28276 Source advisory:...
nconf security vulnerability
nconf is a TOML-formatted plugin. nconf versions prior to 0.11.4 have a security vulnerability that stems from the .set function, which is responsible for setting configuration properties, being vulnerable to prototype pollution, which can be exploited by attackers to override JavaScript...
moleculer-rabbitmq-extend-delay (=1.1.12) potentially affected by CVE-2020-7715 +1 more via deep-get-set (=1.1.1)
deep-get-set NPM version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on deep-get-set and may be impacted: - moleculer-rabbitmq-extend-delay =1.1.12 Source cves: CVE-2020-7715, CVE-2022-21231 Source advisory: SNYK:JS-DEEPGETSET-2342655...
CVE-2021-23344 Remote Code Execution (RCE)
The package total.js before 3.4.8 is vulnerable to Remote Code Execution (RCE) via set...
Moderate: Red Hat Security Advisory: mod_auth_mysql security update
An updated mod_auth_mysql package to correct a security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The mod_auth_mysql package includes an extension module for the Apache HTTP Server which...
WordPress Charset SQL injection vulnerability (re-resend)
Terribly sorry, gmail messed up the GPG signature. Hope this one can get through. === WordPress Charset SQL Injection Vulnerability === Release date: 2007-12-10 Last modified: 2007-12-10 Source: Abel Cheung abelcheung at gmail dot com Affected version: WordPress = 2.3.1 Exploit type: Remote Risk:...
CVE-2001-0081
swinit in nCipher does not properly disable the Operator Card Set recovery feature even when explicitly disabled by the user, which could allow attackers to gain access to application keys...