GHSA-M489-XR35-FJXR Regular Expression Denial of Service in millisecond
Versions of millisecond prior to 0.1.2 are affected by a regular expression denial of service vulnerability when extremely long version strings are parsed. Proof of concept: var ms = require('millisecond'); var genstr = function (len, chr) { var result = ""; for (i = 0; i <= len; i++) result = result + chr;...
DEBIAN-CVE-2021-3583
A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters...
CVE-2021-3583
A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters...
PYSEC-2021-358
A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters...
UBUNTU-CVE-2021-3583
A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters...
nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode
A flaw was found in the ssri package. A malicious string provided by an attacker may lead to Regular Expression Denial of Service (ReDoS). This issue only affects consumers using the strict option. The highest threat from this vulnerability is to availability...
Deserialization of Untrusted Data in com.jsoniter:jsoniter
Withdrawn: this advisory was withdrawn by its CNA. Further investigation showed that it was not a security issue. Original description: All versions of package com.jsoniter:jsoniter are vulnerable to Deserialization of Untrusted Data via malicious JSON strings. This may lead to a Denial of Service, and in certai...
CVE-2021-3795
A flaw was found in the semver-regex library where matching specific strings could consume a large amount of resources. Attackers could take advantage of this by crafting an invalid version string, causing a disruption or a denial of service (DoS)...
SUSE-SU-2021:3170-1 Security update for SUSE Manager Server 4.2
This update fixes the following issues: branch-network-formula: - Use kernel parameters from PXE formula also for local boot. cobbler - security issues fixed: - CVE-2021-40323: Fixed an arbitrary file disclosure/Template Injection (bsc#1189458) - CVE-2021-40324: Fixed an arbitrary file write (bsc#11894...
The vulnerability in the `lit_read_code_unit_from_utf8` function of the `lit-strings.c` component in the JavaScript Internet of Things scripting engine JerryScript and the IoT.js platform is a buffer-overflow write, which allows a malicious actor to access confidential data, compromise its integrity, and cause service failures.
The vulnerability in the lit_read_code_unit_from_utf8 function in the lit-strings.c component of the JavaScript IoT scripting engine JerryScript and the IoT.js platform is a buffer overflow. Exploiting this vulnerability could allow an attacker to gain access to sensitive data,...
SUSE-SU-2021:14802-1 Security update for openssl
This update for openssl fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521)...
Teleport security vulnerability
Teleport is an identity-aware, multi-protocol access agent from Teleport USA, Inc. It is used by engineers and security professionals to unify access to SSH servers, Kubernetes clusters, web applications and databases across all environments. Teleport suffers from a security vulnerability that could be...
CVE-2021-38412
Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an attacker to enable the SNMP service and manipulate the community strings to...
Authentication flaw
Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an attacker to enable the SNMP service and manipulate the community strings to...
openSUSE 15 Security Update : openssl-1_0_0 (openSUSE-SU-2021:1261-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1261-1 advisory. - ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field...
OPENSUSE-SU-2021:1261-1 Security update for openssl-1_0_0
This update for openssl-1_0_0 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). This update was imported from the SUSE:SLE-15:Update update project...
Digi PortServer TS access control error vulnerability
Digi PortServer TS is a Digi product for serial-to-Ethernet connectivity. An access control error vulnerability exists in Digi PortServer TS 16, which stems from properly formatted POST requests to multiple resources on the device's HTTP and HTTPS web servers that ...
SUSE-SU-2021:3019-1 Security update for compat-openssl098
This update for compat-openssl098 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521)...
SUSE SLED12 / SLES12 Security Update : openssl-1_0_0 (SUSE-SU-2021:2995-1)
The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2995-1 advisory. - ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string dat...
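The ASN.1 string layout described in the openssl entries above (a data buffer plus a separate length field, with no guarantee of a NUL byte at the end of the data) is exactly why C-string style access over-reads. The program below is an added illustration, not OpenSSL code: it uses a cut-down stand-in struct (asn1_string_t, a hypothetical name) and a constructed backing buffer in which the bytes after the logical end of the string happen to be readable, so the over-read can be observed without undefined behaviour; it then shows the length-bounded accessor a caller should use instead.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Illustrative stand-in for OpenSSL's ASN1_STRING (hypothetical name, fields
 * reduced to the two that matter): the string data is a pointer plus an
 * explicit length, and nothing guarantees a NUL byte at data[length]. */
typedef struct {
    int length;
    const unsigned char *data;
} asn1_string_t;

/* Constructed backing storage: the ASN.1 string proper is the first 10 bytes
 * ("CN=example"), immediately followed by unrelated bytes and only then a NUL.
 * This mirrors the advisory's case: no terminator at data[length]. */
static const unsigned char BACKING[] = "CN=example" "\x01" "secret";
static const asn1_string_t SAMPLE = { 10, BACKING };

/* The unsafe assumption: treat data as a C string. strlen() walks past
 * 'length' until it finds a NUL. Here that stays defined behaviour only
 * because BACKING happens to be NUL-terminated, but it still reads 7 bytes
 * beyond the logical end of the string; in real parsing those bytes belong
 * to something else (or to nothing), hence the out-of-bounds read. */
size_t unsafe_strlen_view(const asn1_string_t *s)
{
    return strlen((const char *)s->data);
}

/* Returns 1 if strlen()-style access would read beyond 'length', i.e. the
 * buffer is not NUL-terminated at its logical end. Assumes data[length] is
 * readable, which holds for the constructed sample. */
int asn1_string_overreads(const asn1_string_t *s)
{
    return s->data[s->length] != '\0';
}

/* Safe accessor: trust the length field, never the bytes. Copies at most
 * outsz-1 bytes and NUL-terminates. Returns the number of bytes copied, or
 * -1 if the destination cannot hold length+1 bytes. */
int asn1_string_copy_bounded(const asn1_string_t *s, char *out, size_t outsz)
{
    if (s->length < 0 || outsz == 0 || (size_t)s->length >= outsz)
        return -1;
    memcpy(out, s->data, (size_t)s->length);
    out[s->length] = '\0';
    return s->length;
}

/* Exercises the bounded accessor on SAMPLE: returns 1 only if it yields
 * exactly "CN=example" into a large buffer and refuses a 10-byte one. */
int check_sample(void)
{
    char big[32], small[10];
    if (asn1_string_copy_bounded(&SAMPLE, big, sizeof big) != 10) return 0;
    if (strcmp(big, "CN=example") != 0) return 0;
    if (asn1_string_copy_bounded(&SAMPLE, small, sizeof small) != -1) return 0;
    return 1;
}

int main(void)
{
    printf("length field says %d bytes, strlen() view reads %zu bytes\n",
           SAMPLE.length, unsafe_strlen_view(&SAMPLE));
    printf("not NUL-terminated at data[length]: %d\n",
           asn1_string_overreads(&SAMPLE));
    printf("bounded copy behaves as expected: %d\n", check_sample());
    return 0;
}
```

The fix pattern is the same one the OpenSSL update applies: every consumer of the string must honour the length field (printf("%.*s", len, data), memcpy with len, and so on) rather than assuming a terminator, because the decoder is free to hand back a buffer whose next byte is arbitrary.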