1279 matches found
CVE-2023-31670
The CVE-2023-31670 entry refers to a vulnerability in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 that can cause a Denial of Service (DoS) when processing a crafted binary. The connected sources confirm the affected components and the DoS impact, including CVSS...
CVE-2023-31670
An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary...
CVE-2023-28649
The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. A vulnerability exists in which an attacker could impersonate a hub and send device requests to claim already claimed devices. The OvrC cloud platform receives the requests but do...
Path Traversal
spring-boot-actuator-logview is vulnerable to Path Traversal. The vulnerability exists in the securityCheck function of LogViewEndpoint.java because it does not properly validate relative paths, allowing an attacker to access files outside the expected directory through the path such as /usr/outn...
CVE-2023-30838 PrestaShop vulnerable to possible XSS injection through Validate::isCleanHTML method
PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, the ValidateCore::isCleanHTML method of Prestashop misses hijackable events which can lead to cross-site scripting (XSS) injection, allowed by the presence of pre-setup @keyframes methods. This XSS, which...
CVE-2023-29530 Laminas Diactoros vulnerable to HTTP Multiline Header Termination
Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newline at the start or end of a header key or value...
UBUNTU-CVE-2018-17452
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validate_localhost function in url_blocker.rb...
GitLab Code Issue Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery) and other features. A security vulnerability exists in GitLab, which stems from a server-side reque...
AZL-26153 CVE-2023-26917 affecting package libyang for versions less than 2.1.55-1
libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lysp_stmt_validate_value at lys_parse_mem.c...
CVE-2023-26917
libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lysp_stmt_validate_value at lys_parse_mem.c...
CVE-2023-0842
xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited...
CVE-2023-26112
All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using .+?.. Note: This is only exploitable in the case of a developer putting the offending value in a server side configuration file...
UBUNTU-CVE-2023-26112
All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using .+?.. Note: This is only exploitable in the case of a developer putting the offending value in a server side configuration file...
PT-2023-9395 · Configobj +5
Name of the Vulnerable Software and Affected Versions: configobj, all versions. Description: The issue is related to the use of a regular expression with inefficient computational complexity in the configobj package. This can be exploited to cause a denial of service. The validate function...
Configobj -- Regular Expression Denial of Service attack
[email protected] reports: All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using .+?.. Note: This is only exploitable in the case of a developer putting the offending value in a server side configuration file...