OESA-2022-1971 python-oauthlib security update
Security Fixes: OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing a malicious redirect URI can cause a denial of service. An attacker can also leverage usage of the uri_validate functions, depending on where they are...
RHEL 7 : rh-nodejs14-nodejs (RHSA-2021:0421)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0421 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
RHEL 7 : rh-nodejs10-nodejs (RHSA-2021:0521)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0521 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
UBUNTU-CVE-2022-36087
OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing a malicious redirect URI can cause a denial of service. An attacker can also leverage usage of the uri_validate functions, depending on where they are used. OAuthLib...
CVE-2022-39810
An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console under /carbon/ndatasource/validateconnection/ajaxprocessor.jsp via the driver parameter. Session hijacking or similar attacks would not be...
CVE-2022-36087 OAuthLib vulnerable to DoS when attacker provides malicious IPv6 URI
OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing a malicious redirect URI can cause a denial of service. An attacker can also leverage usage of the uri_validate functions, depending on where they are used. OAuthLib...
Ubuntu: Security Advisory (USN-4163-2)
The remote host is missing an update for the referenced Ubuntu advisory...
Broken Link Checker < 1.11.17 - Admin+ PHAR Deserialization
The plugin does not validate a parameter, which could allow high-privilege users such as admins to perform PHAR deserialisation when a suitable gadget chain is also present...
Malicious relayer can execute stale transactions by spoofing validator weights/threshold in proof
Lines of code / Vulnerability details / Impact: A transaction is submitted with wrong validator information, allowing stale commands to be executed. Proof of Concept: This vulnerability is a result of allowing msg.sender to provide key information identifying operators. First we need to understand how the...
Solana Pay security vulnerability
Solana Pay is a standard protocol and a set of reference implementations from the Solana Foundation in Switzerland. It enables developers to integrate decentralized payments into their applications and services. A security vulnerability exists in Solana Pay versions prior to 0.2.1 that stems from...
PT-2022-23023 · Solana · Solana Pay
Name of the Vulnerable Software and Affected Versions: Solana Pay versions prior to 0.2.1 Description: Solana Pay is a protocol that enables developers to incorporate decentralized payments into their apps and services. When a Solana Pay transaction is located using a reference key, it may be...
Fedora: Security Advisory for golang-github-envoyproxy-protoc-gen-validate (FEDORA-2022-ea8f4e232d)
The remote host is missing an update for the referenced Fedora advisory...
Fedora: Security Advisory for golang-github-envoyproxy-protoc-gen-validate (FEDORA-2022-fae3ecee19)
The remote host is missing an update for the referenced Fedora advisory...
[SECURITY] Fedora 36 Update: golang-github-envoyproxy-protoc-gen-validate-0.4.1-6.fc36
Protoc plugin to generate polyglot message validators...
PT-2022-22340 · Jenkins · Jenkins Matrix Reloaded Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Matrix Reloaded Plugin versions 1.1.3 and earlier Description: A cross-site request forgery (CSRF) vulnerability allows attackers to rebuild previous matrix builds. This issue arises because the plugin does not require POST requests for...
VulnCheck KEV: CVE-2020-26879
Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. An unauthenticated attacker can interact with the service API by using a backdoor value as the Authorization header...
Regular Expression Denial Of Service (ReDoS)
validate-color is vulnerable to regular expression denial of service (ReDoS) attacks. A remote attacker is able to cause denial of service conditions by injecting crafted invalid rgba strings through the validateHTMLColorRgb function...
CVE-2021-40893
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in validate-data v0.1.1 when validating crafted invalid emails...
Denial of service
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in validate-data v0.1.1 when validating crafted invalid emails...