@motowhere/nodemailer-mock-transport (=1.3.1), @nexdrew/newww (>=0.0.1 <=0.0.2) +27 more potentially affected by CVE-2020-7754 via npm-user-validate (>=0.0.3 <=0.1.5)

npm-user-validate NPM version =0.0.3, =0.0.1, =2.0.3, =3.1.0-alpha.0, =2.0.2, =2.0.1, =2.0.2, =2.0.2, =2.0.2, =2.0.2, =0.0.1, =0.0.29, =2.0.0, =0.4.0, =0.5.0 and more Source cves: CVE-2020-7754 Source advisory: OSV:GHSA-PW54-MH39-W3HC...

GHSA-PW54-MH39-W3HC Regular expression denial of service in npm-user-validate

This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters...

Regular expression denial of service in npm-user-validate

This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters...

SUSE: Security Advisory (SUSE-SU-2018:2814-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

UPchieve: Hyper Link Injection while signup

Summary: Attacker can add their name to a URL in order to send email containing malicious hyperlinks. while signup Steps To Reproduce: 1-Go to https://app.upchieve.org and create account with the first name http://attacker.com/ and last name . 2-Now check your email and you notice there is...

OTRS 6.0.x <= 7.0.24, 8.0.x <= 8.0.11 ReDoS Vulnerability

OTRS is prone to a regular expression denial of service ReDoS vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Unspecified Bypass Vulnerability in Data-Validate-IP

Data-Validate-IP is an open source application by Dave Rolsky. Provides IPv4 and IPv6 validation methods. Data-Validate-IP version before 0.29 has a security vulnerability that can be exploited by attackers to bypass IP address-based access control...

DEBIAN-CVE-2021-29662

The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses...

CVE-2021-29662

The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses...

CVE-2021-29662

The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses...

CVE-2021-29662

The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses...

Improper access control

The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses...

UBUNTU-CVE-2021-29662

The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses...

CVE-2021-29662

The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses...

CVE-2021-29662

CVE-2021-29662 is linked to the Data::Validate::IP Perl module (versions up to 0.29). The root cause is that the validator does not properly handle extraneous leading zero characters in IP address strings, which can allow bypass of IP-based access control in some scenarios. The issue is reported ...

CVE-2021-29662

The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses...

DEBIAN-CVE-2021-21366

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpect...

The vulnerability of the installation package verification subsystem of the Junos operating system, allowing a attacker to execute arbitrary commands with root privileges

The vulnerability of the Junos operating system’s installation package’s verification subsystem is related to the failure to take measures to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands with ro...

Oracle Linux 8 : nodejs:14 (ELSA-2021-0551)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-0551 advisory. nodejs 1:14.15.4-2 - Add patch for yarn crash - Resolves: RHBZ1916465 1:14.15.4-1 - Security rebase to 14.15.4 -...

nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function

A flaw was found in nodejs-ajv. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code...