254 matches found
python-mako: REDoS in Lexer class
A vulnerability was found in the mako package. Affected versions of this package are vulnerable to Regular expression denial of service ReDoS attacks, affecting system availability...
Moderate: python-mako security update
Mako is a template library written in Python. It provides a familiar, non-XML syntax which compiles into Python modules for maximum performance. Security Fixes: mako: REDoS in Lexer class CVE-2022-40023 For more details about the security issues, including the impact, a CVSS score, acknowledgment...
UBUNTU-CVE-2023-31906
Jerryscript 3.0.0commit 1a2c047 was discovered to contain a heap-buffer-overflow via the component lexercompareidentifiertochars at /jerry-core/parser/js/js-lexer.c...
CVE-2023-31906
Jerryscript 3.0.0commit 1a2c047 was discovered to contain a heap-buffer-overflow via the component lexercompareidentifiertochars at /jerry-core/parser/js/js-lexer.c...
CVE-2023-31906
CVE-2023-31906 affects JerryScript 3.0.0 (commit 1a2c047). The vulnerability is a heap-buffer-overflow in the JS lexer component, specifically in lexer_compare_identifier_to_chars within /jerry-core/parser/js/js-lexer.c. According to the available documents, this yields a high-severity issue with...
JerryScript 缓冲区错误漏洞
JerryScript is a lightweight JavaScript engine from the Jerryscript project. A security vulnerability exists in JerryScript version 3.0.0, which stems from the component lexercompareidentifiertochars in /jerry-core/parser/js/js-lexer.c contains a heap buffer overflow...
PT-2023-23510 · Unknown · Jerryscript
Name of the Vulnerable Software and Affected Versions: Jerryscript version 3.0.0commit 1a2c047 Description: A heap-buffer-overflow issue was discovered in the lexer compare identifier to chars component at /jerry-core/parser/js/js-lexer.c. This issue affects the lexer functionality of the softwar...
CVE-2023-31906
Jerryscript 3.0.0commit 1a2c047 was discovered to contain a heap-buffer-overflow via the component lexercompareidentifiertochars at /jerry-core/parser/js/js-lexer.c...
The vulnerability of the Sqlalchemy mako Python template library, related to an incorrect regular expression, allows attackers to cause service interruptions.
The vulnerability of the Sqlalchemy mako Python template library is related to insufficient input validation when processing regular expressions in the Lexer class. Exploiting this vulnerability allows a malicious actor to deliver specially crafted data to the application and execute a...
python-mako: REDoS in Lexer class
A vulnerability was found in the mako package. Affected versions of this package are vulnerable to Regular expression denial of service ReDoS attacks, affecting system availability...
SUSE CVE-2015-5523
The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service crash via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation...
SUSE CVE-2016-10210
libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted rule that is mishandled in the yygetnextbuffer function...
SUSE CVE-2018-14447
trimwhitespace in lexer.l in libConfuse v3.2.1 has an out-of-bounds read...
SUSE CVE-2022-38234
XPDF commit ffaf11c was discovered to contain a segmentation violation via Lexer::getObjObject at /xpdf/Lexer.cc...
SUSE CVE-2022-38236
XPDF commit ffaf11c was discovered to contain a global-buffer overflow via Lexer::getObjObject at /xpdf/Lexer.cc...
SUSE CVE-2022-40023
Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin...
graphql-java: DoS by malicious query
A flaw was found in GraphQL Java. This flaw allows an attacker to use a malicious query in GraphQL to cause a denial of service due to inefficient lexer input validation...
CVE-2022-42227
jsonlint 1.0 is vulnerable to heap-buffer-overflow via /home/hjsz/jsonlint/src/lexer...
CVE-2022-42227
jsonlint 1.0 is vulnerable to heap-buffer-overflow via /home/hjsz/jsonlint/src/lexer...
jsonlint 缓冲区错误漏洞
jsonlint is a lightweight command line tool for validating JSON by the individual developer Pranav. A security vulnerability exists in version 1.0 of jsonlint, which stems from a heap buffer overflow in its /home/hjsz/jsonlint/src/lexer component...