222 matches found
Design/Logic Flaw
The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example...
UBUNTU-CVE-2014-10064
The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example...
DEBIAN-CVE-2014-10064
The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example...
CVE-2014-10064
The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example...
CVE-2014-10064
The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example...
Regular Expression Denial Of Service (ReDoS)
forwarded is vulnerable to regular expression denial of service ReDoS. A flaw when the x-forwarded-for header is parsed causes the event loop to be blocked...
Regular Expression Denial Of Service (ReDoS)
fresh is vulnerable to regular expression denial of service ReDoS.The vulnerability exists when matching multiple ETags in If-None-Match which causes the event loop to be blocked...
Regular Expression Denial of Service
Overview Affected versions of slug are vulnerable to a regular expression denial of service when parsing untrusted user input. The issue is low severity, as it takes 50,000 characters to cause the event loop to block for 2 seconds, About 50k characters can block the event loop for 2 seconds...
Regular Expression Denial of Service
Overview Affected versions of timespan are vulnerable to a regular expression denial of service when parsing dates. The amplification for this vulnerability is significant, with 50,000 characters resulting in the event loop being blocked for around 10 seconds. Recommendation No direct patch is...
Regular Expression Denial of Service
Overview Affected versions of marked are vulnerable to a regular expression denial of service. The amplification in this vulnerability is significant, with 1,000 characters resulting in the event loop being blocked for around 6 seconds. Recommendation Update to version 0.3.9 or later. References ...
Regular Expression Denial Of Service (ReDoS)
useragent is vulnerable to denial of service DoS attacks. These attacks are possible through the regular expression used to parse the useragent headers. If an attacker edits their own headers to create an extremely long useragent string, it will cause an event loop which blocks the server...
CVE-2016-5259
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop...
CVE-2016-5259
CVE-2016-5259 : A use-after-free in the Mozilla Firefox function CanonicalizeXPCOMParticipant allows remote code execution via a script that closes its own Service Worker inside a nested sync event loop. Affected: Firefox before 48.0 and Firefox ESR 45.x before 45.3. Impact per sources: arbitrary...
CVE-2016-5259
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop...
Regular Expression Denial of Service
Overview The jshamcrest package is affected by a regular expression denial of service vulnerability when certain types of user input are passed in to the emailAddress validator. Proof of concept var js = require'jshamcrest' var emailAddress = new js.JsHamcrest.Matchers.emailAddress; var genstr =...
Tasks, microtasks, queues and schedules
When I told my colleague Matt Gaunt I was thinking of writing a piece on microtask queueing and execution within the browser's event loop, he said "I'll be honest with you Jake, I'm not going to read that". Well, I've written it anyway, so we're all going to sit here and enjoy it, ok? Actually, i...
Fedora Update for glib2 FEDORA-2012-14157
Check for the Version of glib2 OpenVAS Vulnerability Test Fedora Update for glib2 FEDORA-2012-14157 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...
[SECURITY] Fedora 17 Update: glib2-2.32.4-2.fc17
GLib is the low-level core library that forms the basis for projects such as GTK+ and GNOME. It provides data structure handling for C, portability wrappers, and interfaces for such runtime functionality as an event loop, threads, dynamic loading, and an object system...
Fedora Core 9 FEDORA-2009-2688 (glib2)
The remote host is missing an update to glib2 announced via advisory FEDORA-2009-2688. OpenVAS Vulnerability Test $Id: fcore20092688.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-2688 glib2 Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft...
[SECURITY] Fedora 8 Update: glib2-2.14.6-2.fc8
GLib is the low-level core library that forms the basis for projects such as GTK+ and GNOME. It provides data structure handling for C, portability wrappers, and interfaces for such runtime functionality as an event loop, threads, dynamic loading, and an object system. This package provides versi...