1738 matches found

RedHat Linux
added 2023/08/21 9:53 p.m. · 4 views

python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator

A regular expression denial of service vulnerability has been found in Django. Email and URL validators are vulnerable to this flaw when processing a very large number of domain name labels of emails and URLs...

CVSS 7.5 · AI score 7 · EPSS 0.02669
Exploits: 0 · References: 5
RedHat Linux
added 2023/08/21 5:7 p.m. · 33 views

python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator

A regular expression denial of service vulnerability has been found in Django. Email and URL validators are vulnerable to this flaw when processing a very large number of domain name labels of emails and URLs...

CVSS 7.5 · AI score 7 · EPSS 0.02669
Exploits: 0 · References: 5
Patchstack
added 2023/08/18 12:0 a.m. · 5 views

WordPress Serial Codes Generator and Validator with WooCommerce Support Plugin < 2.4.15 is vulnerable to Cross Site Scripting (XSS)

Software: Serial Codes Generator and Validator with WooCommerce Support; Type: Plugin; Vulnerable versions: 2.4.15; Fixed in: 2.4.15; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: N/A; Patch priority: Medium; CVSS severity: Medium (6.5); Developer: Claim ownership; PSID...

AI score 5.9
Exploits: 0 · References: 2 · Affected Software: 1
CNNVD
added 2023/08/18 12:0 a.m. · 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from incorrect validator pruning due to missing register precision contamination...

CVSS 10 · AI score 7.6 · EPSS 0.03546
Exploits: 0 · References: 13
Fedora
added 2023/07/27 2:5 a.m. · 25 views

[SECURITY] Fedora 37 Update: yajl-2.1.0-21.fc37

Yet Another JSON Library. YAJL is a small event-driven SAX-style JSON parser written in ANSI C, and a small validating JSON generator...

CVSS 7.5 · AI score 7 · EPSS 0.03766
Exploits: 3
OSV
added 2023/07/21 11:5 a.m. · 2 views

OESA-2023-1440 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS regular expression denial of service attack via a...

CVSS 7.5 · AI score 6.9 · EPSS 0.02669
Exploits: 0 · References: 2
OSV
added 2023/07/13 4:2 p.m. · 5 views

OPENSUSE-SU-2023:0178-1 Security update for python-Django

This update for python-Django fixes the following issues:
- CVE-2023-36053: Fixed potential regular expression denial of service vulnerability in EmailValidator/URLValidator boo1212742
- CVE-2023-24580: Fixed potential denial-of-service vulnerability in file uploads boo1208082
- CVE-2023-23969:...

CVSS 7.5 · AI score 7.5 · EPSS 0.62575
Exploits: 0 · References: 9
OSV
added 2023/07/03 3:30 p.m. · 1 views

GHSA-JH3W-4VVF-MJGR Django has regular expression denial of service vulnerability in EmailValidator/URLValidator

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS regular expression denial of service attack via a very large number of domain name labels of emails and URLs...

CVSS 8.7 · AI score 7.1 · EPSS 0.02669
Exploits: 0 · References: 19
PyPA
added 2023/07/03 1:15 p.m. · 5 views

PYSEC-2023-100

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS regular expression denial of service attack via a very large number of domain name labels of emails and URLs...

CVSS 7.5 · AI score 6.8 · EPSS 0.02669
Exploits: 0 · References: 5 · Affected Software: 1
CNNVD
added 2023/07/03 12:0 a.m. · 25 views

Django security vulnerability

Django is an open source web application framework from the Django Foundation, based on the Python language. The framework includes an object-oriented mapper, view system, template system and so on. A security vulnerability exists in Django versions prior to 3.2.20, 4.1.10, and 4.2.3, which...

CVSS 7.5 · AI score 7.3 · EPSS 0.02669
Exploits: 0 · References: 14
OSV
added 2023/06/30 10:13 p.m. · 10 views

GHSA-W5W5-2882-47PC github.com/cosmos/cosmos-sdk's x/crisis does not charge ConstantFee

Impact: If a transaction is sent to the x/crisis module to check an invariant, the ConstantFee parameter of the chain is NOT charged. All versions of the x/crisis module are affected on all versions of the Cosmos SDK. Details: The x/crisis module is supposed to...

AI score 7
Exploits: 0 · References: 3
GitHub Security Blog
added 2023/06/30 10:13 p.m. · 11 views

github.com/cosmos/cosmos-sdk's x/crisis does not charge ConstantFee

Impact: If a transaction is sent to the x/crisis module to check an invariant, the ConstantFee parameter of the chain is NOT charged. All versions of the x/crisis module are affected on all versions of the Cosmos SDK. Details: The x/crisis module is supposed to...

AI score 6.8
Exploits: 0 · References: 3 · Affected Software: 1
NVD
added 2023/06/23 9:15 p.m. · 7 views

CVE-2023-35163

Vega is a decentralized trading platform that allows pseudo-anonymous trading of derivatives on a blockchain. Prior to version 0.71.6, a vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega’s Ethereum bridge. For exampl...

CVSS 6 · AI score 5.9 · EPSS 0.0049
Exploits: 1 · References: 3
OSV
added 2023/06/23 8:25 p.m. · 17 views

CVE-2023-35163 Vega's validators able to submit duplicate transactions

Vega is a decentralized trading platform that allows pseudo-anonymous trading of derivatives on a blockchain. Prior to version 0.71.6, a vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega’s Ethereum bridge. For exampl...

CVSS 6 · AI score 5.5 · EPSS 0.0049
Exploits: 1 · References: 5
OSV
added 2023/06/20 4:36 p.m. · 19 views

GHSA-8RC9-VXJH-QJF2 Vega's validators able to submit duplicate transactions

A vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega’s Ethereum bridge. For example, a deposit to the collateral bridge for 100USDT that credits a party’s general account on Vega, can be re-processed 50 times resultin...

CVSS 6 · AI score 5.5 · EPSS 0.0049
Exploits: 1 · References: 5
Positive Technologies
added 2023/06/20 12:0 a.m. · 4 views

PT-2023-25174 · Vega · Vega

Name of the Vulnerable Software and Affected Versions: Vega versions prior to 0.71.6
Description: A vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega’s Ethereum bridge. For example, a deposit to the collateral bridge...

CVSS 6 · AI score 7.1 · EPSS 0.0049
Exploits: 1 · References: 11
Positive Technologies
added 2023/06/20 12:0 a.m. · 6 views

PT-2023-4169

Name of the Vulnerable Software and Affected Versions:
- Django versions 3.2 through 3.2.19
- Django versions 4 through 4.1.9
- Django versions 4.2 through 4.2.2
Description: The issue is related to the EmailValidator and URLValidator components in the Django web application platform. It involves the u...

CVSS 9.8 · AI score 7.8 · EPSS 0.87218
Exploits: 29 · References: 140
Code423n4
added 2023/06/09 12:0 a.m. · 11 views

Problem with ValidatorStatus.INITIALIZED

Lines of code. Vulnerability details. Impact: Detailed description of the impact of this finding. The default value for Enums in Solidity are always the first parameters in them. In the ValidatorStatus Enum however, INITIALIZED is the first value and therefore the default value of the ValidatorStatu...

AI score 7
Exploits: 0
Code423n4
added 2023/06/09 12:0 a.m. · 16 views

The increaseTotalValidatorActiveCount in PermissionedPool incorrectly adds requiredValidators instead of validatorToDeposit

Lines of code. Vulnerability details. Impact: When the Stader Stake Pools Manager calls stakeUserETHToBeacon chain, it does so calculating the requiredValidators that can be added to the pool. The function internally also uses the allocateValidatorsAndUpdaterOperatorId to compute each operator's...

AI score 6.8
Exploits: 0
Code423n4
added 2023/06/09 12:0 a.m. · 9 views

MISSING ACCESS CONTROL AND MISSING LOGICAL CHECKS IN PENALTY.sol

Lines of code. Vulnerability details. Impact: In the penalty.sol contract anyone can call the markValidatorSettled... function to clear the penalty of an erring validator. Proof of Concept: Anyone can clear the penalty of an erring validator without by calling markValidatorSettled... as the function...

AI score 6.9
Exploits: 0