OESA-2021-1136 hibernate3 security update

Security Fixes: A flaw was found in Hibernate ORM. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly...

OESA-2021-1132 wireshark security update

Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer. Wireshark, formerly known as Ethereal, can be used to examine the details of traffic at a variety of levels ranging...

CVE-2020-24391

mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this may overlap CVE-2019-10769...

CVE-2020-24391

mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this may overlap CVE-2019-10769...

[SECURITY] Fedora 32 Update: rubygem-kramdown-2.1.0-5.fc32

kramdown is yet-another-markdown-parser but fast, pure Ruby, using a strict syntax definition and supporting several common extensions...

Debian DSA-4878-1 : pygments - security update

Ben Caller discovered that Pygments, a syntax highlighting package written in Python 3, used regular expressions which could result in denial of service. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4878...

mongo-express 安全漏洞

mongo-express is a lightweight, web-based management interface for interactively managing MongoDB databases. A security vulnerability exists in mongo-express before 1.0.0, which stems from implementing support for certain advanced syntax in an insecure manner...

[SECURITY] [DSA 4878-1] pygments security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4878-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 27, 2021 https://www.debian.org/security/faq -...

Pygments Denial of Service Attack Vulnerability

Pygments is a general-purpose syntax highlighting tool for code hosting, forums, wikis, or other applications that need to beautify their source code. A denial of service vulnerability exists in Pygments versions 1.5 through 2.7.3. The vulnerability arises due to an infinite loop in the SMLLexer ...

Code injection

In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic’s configuration that are used in publicly facing parts of the applicatio...

Input validation

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML SML source file, as demonstrated by input that only contains the "exception" keyword...

CVE-2021-20270

CVE-2021-20270 describes an infinite loop in Pygments’ SMLLexer, affecting Pygments 1.5–2.7.3, which can cause DoS during syntax highlighting of StandardML sources (e.g., input containing only the keyword “exception”). Connected advisories confirm affected distributions (e.g., Debian, AlmaLinux, ...

CVE-2021-20270

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML SML source file, as demonstrated by input that only contains the "exception" keyword...

CVE-2021-20270

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML SML source file, as demonstrated by input that only contains the "exception" keyword...

Mautic 注入漏洞

Mautic is an open source marketing automation software. The software monitors and manages websites, sends emails, and manages customer resources. Mautic 3.3.2 suffers from an injection vulnerability that allows an authorized administrator user to expose confidential parameters by leveraging Symfo...

The vulnerability of the ASN.1 BER analyzer of the computer network traffic analysis tool Wireshark allows a hacker to cause a service failure.

The vulnerability of the ASN.1 BER analyzer in Wireshark for analyzing computer network traffic involves an operation that goes beyond the acceptable limits of the data buffer. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...

GitLab: RCE via unsafe inline Kramdown options when rendering certain Wiki pages

Summary When rendering wiki content with certain extensions such as .rmd, renderwikicontent will call othermarkupunsafe which will end up calling GitHub::Markup.render from the github-markup gem. Files with any extension can be uploaded by checking out the wiki with git, commiting the files and...

CVE-2021-20270

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML SML source file, as demonstrated by input that only contains the "exception" keyword...

PT-2021-3013 · Microsoft · Office Web Apps +1

Name of the Vulnerable Software and Affected Versions: Microsoft Office affected versions not specified Description: The issue is related to incorrect code generation management during the syntactic analysis of XLS files in Microsoft Office and Microsoft Office Web Apps. This can be exploited by ...

Fedora: Security Advisory for python-pygments (FEDORA-2021-33abbae37b)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...