CVE-2021-0338

In SystemSettingsValidators, there is a possible permanent denial of service due to missing bounds checks on UI settings. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10...

CVE-2021-0338

In SystemSettingsValidators, there is a possible permanent denial of service due to missing bounds checks on UI settings. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10...

Regular Expression Denial Of Service (ReDoS)

express-validators is vulnerable to Regular Expression Denial of Service ReDoS. An attacker is able to crash the application via a malicious URL due to the insecure usage of regex to validate URLs...

CVE-2020-7767

All versions of package express-validators are vulnerable to Regular Expression Denial of Service ReDoS when validating specifically-crafted invalid urls...

Design/Logic Flaw

All versions of package express-validators are vulnerable to Regular Expression Denial of Service ReDoS when validating specifically-crafted invalid urls...

CVE-2020-7767 Regular Expression Denial of Service (ReDoS)

All versions of package express-validators are vulnerable to Regular Expression Denial of Service ReDoS when validating specifically-crafted invalid urls...

CVE-2020-7767

CVE-2020-7767 affects the npm package express-validators . All versions are reported vulnerable to a Regular Expression Denial of Service (ReDoS) when validating specially crafted invalid URLs. The root cause stems from the URL validation regex, where certain inputs trigger catastrophic backtrack...

Regular Expression Denial of Service (ReDoS)

Overview express-validators is an Express framework json objectreq validator. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS when validating specifically-crafted invalid urls. POC: var expressValidators = require"express-validators"; var Obj =...

@myticketing/common (>=1.0.3 <=1.0.5), @pavtickets/common (=1.0.2) potentially affected by CVE-2020-7767 via express-validators (=1.0.4)

express-validators NPM version =1.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on express-validators and may be impacted: - @myticketing/common =1.0.3, =1.0.5 - @pavtickets/common =1.0.2 Source cves: CVE-2020-7767 Source advisory:...

CVE-2020-9297

Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary...

CVE-2020-9297

Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary...

CVE-2020-1959

A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution RCE vulnerability. Apache Syncope uses Java Bean Validation JSR 380 custom constraint validators. When...

CVE-2020-1959

A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution RCE vulnerability. Apache Syncope uses Java Bean Validation JSR 380 custom constraint validators. When...

Remote code execution

A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution RCE vulnerability. Apache Syncope uses Java Bean Validation JSR 380 custom constraint validators. When...

CVE-2020-1959

A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution RCE vulnerability. Apache Syncope uses Java Bean Validation JSR 380 custom constraint validators. When...

Malicious Package

Overview ama-validators is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using ama-validato...

chromium-browser: Inappropriate implementation in Blink

Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass HTML validators via a crafted HTML page...

CVE-2020-6413

Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass HTML validators via a crafted HTML page...

DEBIAN-CVE-2020-6413

Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass HTML validators via a crafted HTML page...

CVE-2020-6413

Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass HTML validators via a crafted HTML page...