Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service. Exploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings.
Max CVSS: 5.3 | EPSS Score: 0.05% | Published: 2024-03-19 | Updated: 2024-03-19
An issue was discovered in Carbon Black Cb Response. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute.
Max CVSS: 5.5 | EPSS Score: 0.05% | Published: 2018-06-13 | Updated: 2018-08-10
cb.exe in Carbon Black 5.1.1.60603 allows attackers to cause a denial of service (out-of-bounds read, invalid pointer dereference, and application crash) by leveraging access to the NetMon named pipe.
Max CVSS: 7.5 | EPSS Score: 0.11% | Published: 2018-02-12 | Updated: 2018-03-07
The cbstream.sys driver in Carbon Black 5.1.1.60603 allows local users with admin privileges to cause a denial of service (out-of-bounds read and system crash) via a large counter value in an 0x62430028 IOCTL call.
Max CVSS: 4.9 | EPSS Score: 0.04% | Published: 2018-02-12 | Updated: 2018-03-07
A security design issue can allow an unprivileged user to interact with the Carbon Black Sensor and perform unauthorized actions.
Max CVSS: 10.0 | EPSS Score: 0.66% | Published: 2018-02-19 | Updated: 2018-03-21
Multiple cross-site request forgery (CSRF) vulnerabilities in Carbon Black before 4.1.0 allow remote attackers to hijack the authentication of administrators for requests that add new administrative users and have other unspecified actions, as demonstrated by a request to api/user.
Max CVSS: 6.8 | EPSS Score: 0.16% | Published: 2014-04-22 | Updated: 2014-04-23
6 vulnerabilities found