1269 matches found
CVE-2021-29662
The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses...
Improper access control
The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses...
UBUNTU-CVE-2021-29662
The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses...
CVE-2021-29662
The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses...
CVE-2021-29662
The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses...
CVE-2021-29662
CVE-2021-29662 is linked to the Data::Validate::IP Perl module (versions up to 0.29). The root cause is that the validator does not properly handle extraneous leading zero characters in IP address strings, which can allow bypass of IP-based access control in some scenarios. The issue is reported ...
DEBIAN-CVE-2021-21366
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpect...
The vulnerability of the installation package verification subsystem of the Junos operating system, allowing a attacker to execute arbitrary commands with root privileges
The vulnerability of the Junos operating system’s installation package’s verification subsystem is related to the failure to take measures to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands with ro...
Oracle Linux 8 : nodejs:14 (ELSA-2021-0551)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-0551 advisory. nodejs 1:14.15.4-2 - Add patch for yarn crash - Resolves: RHBZ1916465 1:14.15.4-1 - Security rebase to 14.15.4 -...
nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function
A flaw was found in nodejs-ajv. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code...
RHEL 8 : nodejs:10 (RHSA-2021:0548)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0548 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
Debian DLA-2556-1 : unbound1.9 security update
Several security vulnerabilities have been corrected in unbound, a validating, recursive, caching DNS resolver. Support for the unbound DNS server has been resumed, the sources can be found in the unbound1.9 source package. CVE-2020-12662 Unbound has Insufficient Control of Network Message Volume...
nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS
This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters...
nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function
A flaw was found in nodejs-ajv. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code...
Lightweight Directory Access Protocol (LDAP) Injection
is-user-valid is vulnerable to Lightweight Directory Access Protocol LDAP Injection. The vulnerability exists due to an unsanitized validate function when authenticating the email in the getEmail function...
PT-2021-7292 · Php +9 · Php +9
Name of the Vulnerable Software and Affected Versions: PHP versions 7.4.x through 7.4.27 PHP versions 8.0.x through 8.0.15 PHP versions 8.1.x through 8.1.2 Description: The issue is related to the use of filter functions with the FILTER VALIDATE FLOAT filter and min/max limits in PHP. If the filt...
nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS
This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters...
NextGen Gallery < 3.5.0 - CSRF allows File Upload
It was possible to bypass the "validateajaxrequest" function used to control access to ajax functions by sending a request without a nonce parameter. This could be used to upload arbitrary code to an image file. Although the uploaded file must be a valid image, it is possible to include PHP code ...
Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise and IBM Integration Bus (CVE-2020-7754)
Summary IBM App Connect Enterprise and IBM Integration Bus ship with Node.js for which vulnerabilities were reported and have been addressed. Vulnerability details are listed below. Vulnerability Details Third Party Entry: 189917 DESCRIPTION: Node.js npm-user-validate module denial of service CVS...
nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function
A flaw was found in nodejs-ajv. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code...