FreeBSD : rubygem-uri -- ReDoS vulnerability (9b60bba1-cf18-11ed-bd44-080027f5fec9)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9b60bba1-cf18-11ed-bd44-080027f5fec9 advisory. - Dominic Couture reports: A ReDoS issue was discovered in the URI component. The URI parser mishandles...

FreeBSD : rubygem-time -- ReDoS vulnerability (6bd2773c-cf1a-11ed-bd44-080027f5fec9)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6bd2773c-cf1a-11ed-bd44-080027f5fec9 advisory. - oooooooq reports: The Time parser mishandles invalid strings that have specific characters. It causes...

CVE-2022-42426

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of...

moment: inefficient parsing algorithm resulting in DoS

A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service ReDoS attacks...

rubygem-uri -- ReDoS vulnerability

Dominic Couture reports: A ReDoS issue was discovered in the URI component. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects...

CVE-2023-25263

In Stimulsoft Designer Desktop 2023.1.5, and 2023.1.4, once an attacker decompiles the Stimulsoft.report.dll the attacker is able to decrypt any connectionstring stored in .mrt files since a static secret is used. The secret does not differ between the tested versions and different operating...

CLSA-2023-1679943745 Fix CVE(s): CVE-2023-25690

SECURITY UPDATE: proxy configuration may trigger HTTP request smuggling attack - debian/patches/CVE-2023-25690.patch: don't forward invalid query strings - CVE-2023-25690...

CVE-2023-25263

In Stimulsoft Designer Desktop 2023.1.5, and 2023.1.4, once an attacker decompiles the Stimulsoft.report.dll the attacker is able to decrypt any connectionstring stored in .mrt files since a static secret is used. The secret does not differ between the tested versions and different operating...

PT-2023-20006 · Stimulsoft · Stimulsoft Designer +1

Name of the Vulnerable Software and Affected Versions: Stimulsoft Designer Desktop versions 2023.1.4 through 2023.1.5 Description: The issue allows an attacker to decrypt connection strings stored in .mrt files by decompiling the Stimulsoft.report.dll, as it uses a static secret that does not...

Updated gssntlmssp packages fix security vulnerability

Multiple out-of-bounds read when decoding NTLM fields. CVE-2023-25563 Memory corruption when decoding UTF16 strings. CVE-2023-25564 Incorrect free when decoding target information. CVE-2023-25565 Memory leak when parsing usernames. CVE-2023-25566 Out-of-bounds read when decoding target informatio...

Invoke-PSObfuscation - An In-Depth Approach To Obfuscating The Individual Components Of A PowerShell Payload Whether You'Re On Windows Or Kali Linux

Traditional obfuscation techniques tend to add layers to encapsulate standing code, such as base64 or compression. These payloads do continue to have a varied degree of success, but they have become trivial to extract the intended payload and some launchers get detected often, which essentially...

Amazon Linux 2023 : unzip (ALAS2023-2023-029)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-029 advisory. A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially...

UBUNTU-CVE-2023-27598

OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.7 and 3.2.4, sending a malformed Via header to OpenSIPS triggers a segmentation fault when the function calctagsuffix is called. A specially crafted Via header, which is deemed correct by the parser, will...

CVE-2023-27598 OpenSIPS has vulnerability in the parse_via() function

OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.7 and 3.2.4, sending a malformed Via header to OpenSIPS triggers a segmentation fault when the function calctagsuffix is called. A specially crafted Via header, which is deemed correct by the parser, will...

Malicious Package

Overview owa-strings is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

Denial Of Service (DoS)

gss-ntlmssp is vulnerable to Denial of Service DoS attacks. Memory corruption can be triggered when decoding UTF16 strings if the variable 'outlen' is not initialized. This can lead to a denial of service if the write hits unmapped memory or randomly corrupts a byte in the application memory spac...

NETGEAR Nighthawk 安全漏洞

The NETGEAR Nighthawk WiFi6 Router is a series of wireless routers from NETGEAR. The NETGEAR Nighthawk WiFi6 Router suffers from a code execution vulnerability that stems from the device containing format strings in the SOAP service, which can be exploited by an attacker to execute arbitrary code...

Malicious code in owa-strings (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e11e49aab0abb7a01a703ccc6527f87fb4d48ccf2f542466b209e0bd4ca1b2da Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-662 Malicious code in owa-strings (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e11e49aab0abb7a01a703ccc6527f87fb4d48ccf2f542466b209e0bd4ca1b2da Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

moment: inefficient parsing algorithm resulting in DoS

A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service ReDoS attacks...