1269 matches found
Adobe Experience Manager Blind Server-Side Request Forgery Vulnerability
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Foxit Reader Javascript Field fileSelect Use After Free Vulnerability
Summary: A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open t...
nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function
A flaw was found in nodejs-ajv. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code...
CVE-2020-27816
The elasticsearch-operator does not validate the namespace where the kibana logging resource is created, and as a result it is possible to replace the original openshift-logging console link (kibana console) with a different one, created based on the new CR for the new kibana resource. This could lead to an...
CVE-2020-7754
This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters...
Input validation
This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters...
CVE-2020-7754 Regular Expression Denial of Service (ReDoS)
This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters...
CVE-2020-26879
Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validatetoken.py. An unauthenticated attacker can interact with the service API by using a backdoor value as the Authorization header...
PT-2020-14325 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.4.0 Description: The issue allows an attacker to pass an invalid axis value to tf.quantization.quantize and dequantize, resulting in accessing a dimension outside the rank of the input tensor in the C++ kernel...
Regular Expression Denial Of Service (ReDoS)
npm-user-validate is vulnerable to regular expression denial of service (ReDoS). The vulnerability exists because an email string that starts with the @ character takes exponentially longer to process as the input string grows...
Regular Expression Denial of Service
Overview: npm-user-validate before version 1.0.1 is vulnerable to a Regular Expression Denial of Service (ReDoS). The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters. Impact: The issue affects the email function. If you use this...
GHSA-XGH6-85XH-479P Regular Expression Denial of Service in npm-user-validate
npm-user-validate before version 1.0.1 is vulnerable to a Regular Expression Denial of Service (ReDoS). The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters. Impact: The issue affects the email function. If you use this function to...
Regular Expression Denial of Service in npm-user-validate
npm-user-validate before version 1.0.1 is vulnerable to a Regular Expression Denial of Service (ReDoS). The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters. Impact: The issue affects the email function. If you use this function to...
Cross site scripting
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly...
exiv2 security update
0.27.0-3 - Validate relationship of the total size to the offset to avoid crash Resolves: bz1775695...
$this->validate() returns all properties, not just validated ones
IMPORTANT BUGFIX: $this->validate() usually only returns the validated dataset; however, a regression was introduced that caused it to return ALL data on the Livewire component. 1659...
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
...