CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1033 matches found

PyPA•added 2020/02/04 3:15 a.m.•6 views

PYSEC-2020-155

Waitress version 1.4.2 allows a DOS attack When waitress receives a header that contains invalid characters. When a header like "Bad-header: xxxxxxxxxxxxxxx\x10" is received, it will cause the regular expression engine to catastrophically backtrack causing the process to use 100% CPU time and...

6.8CVSS6.8AI score0.13332EPSS

Exploits0References2Affected Software1

OSV•added 2020/02/04 3:7 a.m.•1 views

GHSA-73M2-3PWG-5FGC Catastrophic backtracking in regex allows Denial of Service in Waitress

Impact When waitress receives a header that contains invalid characters it will cause the regular expression engine to catastrophically backtrack causing the process to use 100% CPU time and blocking any other interactions. This would allow an attacker to send a single request with an invalid...

6.9CVSS5.7AI score0.13332EPSS

Exploits0References5

Cvelist•added 2020/02/04 3:5 a.m.•21 views

CVE-2020-5236 Catastrophic backtracking in regex allows Denial of Service in Waitress

5.7CVSS6.4AI score0.13332EPSS

Exploits0References2

OSV•added 2020/01/30 7:15 p.m.•4 views

ALPINE-CVE-2020-8492

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service ReDoS attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking...

6.5CVSS6.9AI score0.02728EPSS

Exploits1References1

OSV•added 2020/01/30 7:15 p.m.•24 views

CVE-2020-8492

6.5CVSS6.8AI score

Exploits0References16

OSV•added 2020/01/30 7:15 p.m.•1 views

DEBIAN-CVE-2020-8492

7.1CVSS7.1AI score0.02728EPSS

Exploits1References1

UbuntuCve•added 2020/01/30 7:15 p.m.•32 views

CVE-2020-8492

7.1CVSS6.8AI score0.02728EPSS

Exploits1References9

OSV•added 2020/01/30 12:0 a.m.•21 views

PSF-2020-8 urllib basic auth regex denial of service

7.1CVSS6.7AI score0.02728EPSS

Exploits1References2

Cvelist•added 2020/01/30 12:0 a.m.•26 views

CVE-2020-8492

7.1AI score0.02728EPSS

Exploits1References16

OpenVAS•added 2020/01/23 12:0 a.m.•25 views

Huawei EulerOS: Security Advisory for python (EulerOS-SA-2019-1072)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.1AI score0.01779EPSS

Exploits1References2

OpenVAS•added 2020/01/23 12:0 a.m.•45 views

Huawei EulerOS: Security Advisory for python (EulerOS-SA-2019-1403)

9.8CVSS8.3AI score0.40993EPSS

Exploits8References2

OpenVAS•added 2020/01/23 12:0 a.m.•37 views

Huawei EulerOS: Security Advisory for python (EulerOS-SA-2019-1434)

10CVSS9.2AI score0.45123EPSS

Exploits21References2

OpenVAS•added 2020/01/23 12:0 a.m.•19 views

Huawei EulerOS: Security Advisory for python (EulerOS-SA-2019-1248)

7.5CVSS8.1AI score0.01779EPSS

Exploits1References2

OpenVAS•added 2020/01/23 12:0 a.m.•30 views

Huawei EulerOS: Security Advisory for python (EulerOS-SA-2019-1055)

7.5CVSS7.7AI score0.01779EPSS

Exploits1References2

IBM Security Bulletins•added 2019/12/20 2:50 p.m.•42 views

Security Bulletin: Multiple Vulnerabilities in python affects IBM Watson Studio Local

Summary Multiple vulnerabilities in python affects IBM Watson Studio Local Vulnerability Details CVEID: CVE-2019-10160 DESCRIPTION: A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from...

9.8CVSS1.3AI score0.08764EPSS

Exploits1Affected Software1

OSV•added 2019/11/26 6:15 p.m.•2 views

ALPINE-CVE-2019-16201

WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network...

7.5CVSS6.9AI score0.00613EPSS

Exploits0References1

Prion•added 2019/11/26 6:15 p.m.•24 views

Code injection

7.8CVSS7.4AI score0.00613EPSS

Exploits0References11Affected Software2

CVE•added 2019/11/26 12:0 a.m.•437 views

CVE-2019-16201

CVE-2019-16201 affects Ruby’s WEBrick DigestAuth implementations across multiple Ruby branches (up to 2.4.7, 2.5.x up to 2.5.6, and 2.6.x up to 2.6.4). The issue is a regular-expression Denial of Service caused by backtracking in DigestAuth, requiring a WEBrick server exposed to the Internet or a...

7.8CVSS7.6AI score0.00613EPSS

Exploits0References11Affected Software1

UbuntuCve•added 2019/11/20 12:0 a.m.•150 views

CVE-2019-16201

7.8CVSS6.6AI score0.00613EPSS

Exploits0References3

FreeBSD•added 2019/11/17 12:0 a.m.•47 views

Python -- Regular Expression DoS attack against client

Ben Caller and Matt Schwager reports: Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service ReDoS attacks against a client because of urllib.request.AbstractBasicAuthHandler...

7.1CVSS7.4AI score0.02728EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by