GHSA-R8W9-5WCG-VFJ7 vulnerabilities
Vulnerabilities for packages: kdash, cargo-audit, topgrade, berg, zellij, pgcat, pulumi-watch, linkerd-network-validator...
unbound security update
1.16.2-5.2 - bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator CVE-2023-50387 - bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources CVE-2023-50868...
GHSA-86H5-XCPX-CFQC ASA-2024-005: Potential slashing evasion during re-delegation
ASA-2024-005: Potential slashing evasion during re-delegation Component: Cosmos SDK Criticality: Low Affected Versions: Cosmos SDK versions = 0.50.4; = 0.47.9 Affected Users: Chain developers, Validator and Node operators Impact: Slashing Evasion Summary An issue was identified in the slashing...
PT-2024-21393 · Unknown · Klik Socialmediawebsite
Name of the Vulnerable Software and Affected Versions: KLiK SocialMediaWebsite version 1.0.1 Description: A reflected cross-site scripting (XSS) vulnerability may allow remote attackers to execute arbitrary JavaScript in the web browser of a user. This can be achieved by including a malicious paylo...
bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator
Processing specially crafted responses coming from DNSSEC-signed zones can lead to uncontrolled CPU usage, leading to a Denial of Service in the DNSSEC-validating resolver side. This vulnerability applies only for systems where DNSSEC validation is enabled...
ASA-2024-002: Default `PrepareProposalHandler` may produce invalid proposals when used with default `SenderNonceMempool`
ASA-2024-002: Default PrepareProposalHandler may produce invalid proposals when used with default SenderNonceMempool Component: Cosmos SDK Criticality: Medium Affected Versions: Cosmos SDK versions = 0.50.3; = 0.47.8 Affected Users: Chain developers, Validator and Node operators Impact: Denial of...
GHSA-4J93-FM92-RP4M ASA-2024-003: Missing `BlockedAddressed` Validation in Vesting Module
ASA-2024-003: Missing BlockedAddressed Validation in Vesting Module Component: Cosmos SDK Criticality: Low Affected Versions: Cosmos SDK versions = 0.50.3; = 0.47.8 Affected Users: Chain developers, Validator and Node operators Impact: Denial of Service Description A vulnerability was identified ...
Hibernate Validator JAR Detection
Binary data hibernatevalidatorjardetection.nbin...
Hibernate Validator < 6.2 XSS
The version of Hibernate Validator on the remote host is prior to 6.2. It may, therefore, be affected by a cross-site scripting (XSS) vulnerability. A flaw was found in the isValid method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed ...
MGASA-2024-0038 Updated bind packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Parsing large DNS messages may cause excessive CPU load. CVE-2023-4408 Querying RFC 1918 reverse zones may cause an assertion failure when "nxdomain-redirect" is enabled. CVE-2023-5517 Enabling both DNS64 and serve-stale may cause an assertion...
ISC BIND Multiple DoS Vulnerabilities (CVE-2023-50387, CVE-2023-50868, KeyTrap) - Linux
ISC BIND is prone to multiple denial of service (DoS) vulnerabilities.
PT-2024-11944 · Unknown +1 · Hibernate Validator +1
Name of the Vulnerable Software and Affected Versions: hibernate-validator affected versions not specified Description: A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by...
CVE-2023-1932
A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or...
br.com.thiaguten:umbrella-configuration (>=0.1.0 <=1.0.0), br.com.thiaguten:umbrella-core (>=0.1.0 <=1.0.0) +1272 more potentially affected by CVE-2023-1932 via org.hibernate:hibernate-validator (>=6.0.0.Beta2 <=6.1.7.Final)
org.hibernate:hibernate-validator MAVEN version =6.0.0.Beta2, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =2.3.2-beta.6, =2.3.2-beta.5, =1.0.0, =1.1.16 - cn.openjava:openjava-spring-boot-starter =1.0.1 - cn.springcloud.gray:spring-cloud-gray-server =D.0.1.0-Beta-3 -...
Cross-site Scripting (XSS)
Overview: org.hibernate:hibernate-validator is a Hibernate Validator Engine Relocation Artifact. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the isValid method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can...
Hibernate Validator Security Vulnerability
Hibernate Validator is a parameter validation framework from Hibernate. A security vulnerability exists in Hibernate Validator that stems from the fact that browsers may render invalid html...
python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator
A regular expression denial of service vulnerability has been found in Django. Email and URL validators are vulnerable to this flaw when processing a very large number of domain name labels of emails and URLs...