9309 matches found
Regular Expression Denial Of Service
Grafana-Zabbix is vulnerable to Regular Expression Denial of Service. The vulnerability is due to inefficient regular-expression handling to user-supplied regex queries, that can trigger catastrophic backtracking, and attackers can exploit this by submitting specially crafted regex patterns that...
macOS 14.x < 14.8.2 Multiple Vulnerabilities (125636)
The remote host is running a version of macOS / Mac OS X that is 14.x prior to 14.8.2. It is, therefore, affected by multiple vulnerabilities: - There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This cou...
Astra Linux – Vulnerability in configobj
All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate function, using .+?.. Note: This vulnerability can only be exploited by developers who place the offending values in server-side configuration files...
SUSE SLES15: libpoppler-cpp0 / libpoppler-devel / libpoppler-glib-devel / etc (SUSE-SU-2025:3900-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3900-1 advisory. - CVE-2025-43718: Fixed uncontrolled recursion in the regex-based metadata parser when processing specially crafted PDF files allow...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Denial of Service in huggingface/transformers [CVE-2025-5197]
Summary IBM Watson Speech Services Cartridge is vulnerable to a Denial of Service in huggingface/transformers, due to an exploitable issue in the converttfweightnametoptweightname function CVE-2025-5197. Huggingface/transformers is used in our speech service runtimes. This vulnerabilitiy has been...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Denial of Service in huggingface/transformers [CVE-2025-3262, CVE-2025-3264, CVE-2025-3933, CVE-2025-3263]
Summary IBM Watson Speech Services Cartridge is vulnerable to a Denial of Service in huggingface/transformers, due to various issues identified within the package CVE-2025-3262, CVE-2025-3264, CVE-2025-3933, CVE-2025-3263. Huggingface/transformers is used in our speech service runtimes. This...
Regular Expression Denial Of Service (ReDoS)
Transformers is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient handling of numeric strings in the normalizenumbers method of the EnglishNormalizer class, which allows an attacker to exploit crafted input with long digit sequences to cause excessi...
CLSA-2025-1761844489 Fix of 9 CVEs
SECURITY UPDATE: multiple vulnerabilities in AWK implementation - debian/patches/CVE-2021-423xx-awk.patch: fix issues with argument parsing, delete statement validation, length parsing, post-increment/decrement on literals, expression handling, regex splitting, use-after-realloc, and maxfields...
CVE-2025-62792
Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.12.0, a buffer over-read occurs in wexpressionmatch when strlen is called on strtest, because the corresponding buffer is not being properly NULL terminated during its allocation in OSCleanMSG...
GO-2025-4033 Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability in github.com/apache/trafficcontrol
Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability in github.com/apache/trafficcontrol...
CVE-2025-5342 Denial of Service (DoS)
Zohocorp ManageEngine Exchange Reporter Plus through 5721 are vulnerable to ReDOS vulnerability in the search module...
PT-2025-44411
Name of the Vulnerable Software and Affected Versions ManageEngine Exchange Reporter Plus versions through 5721 Description The software contains a Regular Expression Denial of Service ReDoS issue within its search module. This could potentially disrupt service due to excessive resource consumpti...
CVE-2025-62792
Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.12.0, a buffer over-read occurs in wexpressionmatch when strlen is called on strtest, because the corresponding buffer is not being properly NULL terminated during its allocation in OSCleanMSG...
CVE-2025-62792 Wazuh vulnerable to Heap-based Buffer Over-read in w_expression_match
Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.12.0, a buffer over-read occurs in wexpressionmatch when strlen is called on strtest, because the corresponding buffer is not being properly NULL terminated during its allocation in OSCleanMSG...
ROS-20251029-04
A plug-in vulnerability in the Grafana-Zabbix web-based data submission tool is related to maximum CPU utilization. Exploitation of the vulnerability could allow an attacker due to a custom request with a regular expression, acting remotely, to cause a denial of service...
PT-2025-44326
Name of the Vulnerable Software and Affected Versions Wazuh versions prior to 4.12.0 Description Wazuh, a free and open source platform for threat prevention, detection, and response, contains a flaw where a buffer over-read can occur in the w expression match function. This happens when strlen i...
Wazuh 安全漏洞
Wazuh is a Wazuh open source application. It is used to collect, aggregate, index and analyze security data to help organizations detect intrusions, threats and behavioral anomalies. A security vulnerability exists in Wazuh versions prior to 4.12.0, which stems from the failure to properly...
GHSA-7F5H-V6XP-FCQ8 Starlette vulnerable to O(n^2) DoS via Range header merging in ``starlette.responses.FileResponse``
Summary An unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion per request, causing denial‑of‑service for endpoints serving files e.g., StaticFiles or any use of...
Regular Expression Denial of Service (ReDoS)
Overview starlette is a The little ASGI library that shines. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the FileResponse.parserangeheader method. An attacker can exhaust server CPU resources by sending a specially crafted HTTP Range header...
Expression Language Injection
Spring Cloud Gateway Server Webflux is vulnerable to Expression Language Injection. The vulnerability is due to unsafe SpEL evaluation in routes due to the actuator gateway endpoint being exposed and accessible to untrusted users; attackers can create routes that use SpEL to read environment...