Amazon Linux 2023 : python3-pillow, python3-pillow-devel, python3-pillow-tk (ALAS2023-2024-582)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-582 advisory. Affected versions of this package are vulnerable to Denial of Service DoS when using arbitrary strings as text input and the number of characters passed into PIL.ImageFont.ImageFont.getmask is over a...

Django: denial-of-service in ``intcomma`` template filter

A vulnerability was found in Django. When used with very long strings, the intcomma template filter was subject to a potential denial of service attack...

CVE-2024-2745

Rapid7's InsightVM maintenance mode login page suffers from a sensitive information exposure vulnerability whereby, sensitive information is exposed through query strings in the URL when login is attempted before the page is fully loaded. This vulnerability allows attackers to acquire sensitive...

CVE-2024-2745 Rapid7 InsightVM Sensitive Information Exposure via URL

Rapid7's InsightVM maintenance mode login page suffers from a sensitive information exposure vulnerability whereby, sensitive information is exposed through query strings in the URL when login is attempted before the page is fully loaded. This vulnerability allows attackers to acquire sensitive...

CVE-2024-2745 Rapid7 InsightVM Sensitive Information Exposure via URL

Rapid7's InsightVM maintenance mode login page suffers from a sensitive information exposure vulnerability whereby, sensitive information is exposed through query strings in the URL when login is attempted before the page is fully loaded. This vulnerability allows attackers to acquire sensitive...

CVE-2024-2745

Affected product : Rapid7 InsightVM maintenance mode login page. Vulnerability : sensitive information exposure via URL query strings when a login attempt occurs before the page is fully loaded. Impact : potential exposure of passwords, authentication tokens, usernames, and other sensitive data. ...

ruby: ReDoS vulnerability in Time

A flaw was found in the Time gem and Time library of Ruby. The Time parser mishandles invalid strings with specific characters and causes an increase in execution time for parsing strings to Time objects. This issue may result in a Regular expression denial of service ReDoS...

CVE-2024-28867 Swift Prometheus un-sanitized metric name or labels can be used to take over exported metrics

Swift Prometheus is a Swift client for the Prometheus monitoring system, supporting counters, gauges and histograms. In code which applies un-sanitized string values into metric names or labels, an attacker could make use of this and send a ?lang query parameter containing newlines, or similar...

OESA-2024-1338 nodejs-qs security update

This is a query string parser for node and the browser supporting nesting, as it was removed from 0.3.x, so this library provides the previous and commonly desired behavior and twice as fast. Used by express, connect and others. Security Fixes: qs before 6.10.3, as used in Express before 4.17.3 a...

Prometheus 安全漏洞

Prometheus is open source software written in the Go language for recording real-time metrics from time series databases built using the HTTP pull model. A security vulnerability exists in versions prior to Swift Prometheus 2.0.0-alpha.2 that stems from applying uncleaned string values to the cod...

USN-6712-1: Net::CIDR::Lite vulnerability

It was discovered that Net::CIDR::Lite incorrectly handled extra zero characters at the beginning of IP address strings. A remote attacker could possibly use this issue to bypass access controls...

AlmaLinux 8 : ruby:3.1 (ALSA-2024:1431)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1431 advisory. ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: ReDoS vulnerability in URI CVE-2023-28755 ruby: ReDoS vulnerability - upstream's...

ruby: ReDoS vulnerability in Time

A flaw was found in the Time gem and Time library of Ruby. The Time parser mishandles invalid strings with specific characters and causes an increase in execution time for parsing strings to Time objects. This issue may result in a Regular expression denial of service ReDoS...

DEBIAN-CVE-2024-21503

Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service ReDoS via the lineswithleadingtabsexpanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service. Exploiting thi...

UBUNTU-CVE-2024-21503

Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service ReDoS via the lineswithleadingtabsexpanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service. Exploiting thi...

PT-2024-11204 · Unknown · Net::Ipaddress::Util

Name of the Vulnerable Software and Affected Versions: Net::IPAddress::Util versions prior to 5.000 Description: The issue arises from the Net::IPAddress::Util module not properly handling extraneous zero characters in IP address strings. This can lead to attackers bypassing access control based ...

Sensitive Query Strings In GET Request

directus is vulnerable to the Use of a GET Request Method With Sensitive Query Strings. The vulnerability is due to the inclusion of session tokens in URLs, which are often logged in various places, posing a security risk. Attackers gaining access to these logs may hijack active user sessions,...

Secrets Sensei: Conquering Secrets Management Challenges

In the realm of cybersecurity, the stakes are sky-high, and at its core lies secrets management — the foundational pillar upon which your security infrastructure rests. We're all familiar with the routine: safeguarding those API keys, connection strings, and certificates is non-negotiable. Howeve...

BIT-GULP-2020-28469 Regular Expression Denial of Service (ReDoS)

This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator...

BIT-DJANGO-2024-24680

An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings...