What is RCE (Remote code execution) attack ❓ Prevention methods

What is Remote Code Execution? Remote Code Execution or execution, also known as Arbitrary Code Execution, is a concept that describes a form of cyberattack in which the attacker can solely command the operation of another person’s computing device or computer. RCE takes place when malicious...

[SECURITY] Fedora 33 Update: curl-7.71.1-11.fc33

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMA P, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

[SECURITY] Fedora 34 Update: curl-7.76.1-12.fc34

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMA P, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

prismjs Regular Expression Denial of Service vulnerability

Prism is a syntax highlighting library. The prismjs package is vulnerable to ReDoS regular expression denial of service. An attacker that is able to provide a crafted HTML comment as input may cause an application to consume an excessive amount of CPU...

The vulnerability of the lys_node_free() function in the syntax analyzer and modeling tool of the YANG Libyang language, related to the insufficient use of the assert() function, allows attackers to trigger a service failure.

The vulnerability of the lysnodefree function in the syntax analyzer and modeling tool of the YANG Libyang language is related to the insufficient use of the assert function. Exploiting this vulnerability could allow a malicious actor to cause service failures...

The vulnerability of the Prism syntax extraction tool, related to errors in resource release, allows a perpetrator to cause a service failure.

The vulnerability of the Prism syntax extraction tool is related to errors in resource release. Exploiting this vulnerability can allow a remote attacker to cause service failures...

Vulnerability of software for modeling, designing, and drawing in AutoCAD, related to incorrect handling of exceptional states, allowing a violator to execute arbitrary code.

The vulnerability of software for modeling, designing, and drawing in AutoCAD is related to incorrect processing of exceptional states during syntax analysis of DWG files. Exploiting this vulnerability can allow attackers to execute arbitrary code using a specially created malicious DWG file...

Prism 安全漏洞

Prism is an application from the US-based individual developers of Prism. It is a lightweight, extensible syntax highlighting tool. Prism suffers from a security vulnerability that stems from Prism's susceptibility to inefficient regular expression complexity...

EulerOS 2.0 SP2 : python-pygments (EulerOS-SA-2021-2441)

According to the versions of the python-pygments package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regula...

SUSE-SU-2021:2891-1 Security update for dovecot23

This update for dovecot23 fixes the following issues: Update dovecot to version 2.3.15 jscSLE-19970: Security issues fixed: - CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens, if attacker has...

CVE-2020-18748

Cross Site Scripting XSS in Typora v0.9.65 allows attackers to execute arbitrary code via mathjax syntax due to a mathjax configuration error in the mathematical formula blocks. This is a different vulnerability from CVE-2020-18221...

Tko-Subs - A Tool That Can Help Detect And Takeover Subdomains With Dead DNS Records

This tool allows: To check whether a subdomain can be taken over because it has: a dangling CNAME pointing to a CMS provider Heroku, Github, Shopify, Amazon S3, Amazon CloudFront, etc. that can be taken over. a dangling CNAME pointing to a non-existent domain name one or more wrong/typoed NS...

CVE-2021-37634

Leafkit is a templating language with Swift-inspired syntax. Versions prior to 1.3.0 are susceptible to Cross-site Scripting XSS attacks. This affects anyone passing unsanitised data to Leaf's variable tags. Before this fix, Leaf would not escape any strings passed to tags as variables. If an...

CVE-2021-37634

Leafkit is a templating language with Swift-inspired syntax. Versions prior to 1.3.0 are susceptible to Cross-site Scripting XSS attacks. This affects anyone passing unsanitised data to Leaf's variable tags. Before this fix, Leaf would not escape any strings passed to tags as variables. If an...

GitLab: ReDoS in syntax highlighting due to Rouge

Summary Gitlab is using the ruby gem "rouge" which has a ReDoS vulnerability. In rouge, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have cubic worst-case complexity and are vulnerable to Regular Expression Denial of Service...

Vulnerability of software for modeling, design, and drawing in AutoCAD, related to data writing beyond the buffer, allowing a perpetrator to execute arbitrary code

The vulnerability of software for modeling, designing, and drawing in AutoCAD relates to the writing of data beyond the buffer during syntax analysis of DWG files. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created DWG file...

U.S. Dept Of Defense: SQL injection located in `███` in POST param `████████`

Hey DoD security team! I was able to exploit an SQL injection 1 in one of your domains. Description An SQL injection 1 was discovered in domain https://████████/██████ in the parameter ██████████. The SQL injection was located in a WHERE statment fallowed by a INT value. The vulnerable parameter...

The vulnerability of the dynamically linked library ugeom2d.dll, a set of tools for design and simulation in Siemens Solid Edge, allows a hacker to execute arbitrary code.

The vulnerability of the dynamically linked library ugeom2d.dll, which is part of Siemens Solid Edge’s design and modeling tools, relates to the writing beyond buffer boundaries in memory during DFT file syntax analysis. Exploiting this vulnerability could allow an attacker to execute arbitrary...

The vulnerability of the dynamically linked library jutil.dll, a set of tools for design and simulation in Siemens Solid Edge, allows a perpetrator to execute arbitrary code.

The vulnerability of the dynamically linked library jutil.dll, which is part of the Siemens Solid Edge design and simulation tools, relates to writing beyond buffer boundaries in memory during DFT file syntax analysis. Exploiting this vulnerability could allow an attacker to execute arbitrary cod...

The vulnerability of the implementation of syntactic analysis for PDF format files in the Autodesk Design Review software allows a perpetrator to execute arbitrary code.

The vulnerability of the PDF syntax analysis implementation of the Autodesk Design Review software relates to data type conversion errors. Exploiting this vulnerability could allow an attacker to execute arbitrary code remotely...