Lucene search
K

254 matches found

RedHat Linux
RedHat Linux
added 2023/05/16 8:42 a.m.6 views

python-mako: REDoS in Lexer class

A vulnerability was found in the mako package. Affected versions of this package are vulnerable to Regular expression denial of service ReDoS attacks, affecting system availability...

7.5CVSS7.1AI score0.01718EPSS
Exploits1References5
AlmaLinux
AlmaLinux
added 2023/05/16 12:0 a.m.33 views

Moderate: python-mako security update

Mako is a template library written in Python. It provides a familiar, non-XML syntax which compiles into Python modules for maximum performance. Security Fixes: mako: REDoS in Lexer class CVE-2022-40023 For more details about the security issues, including the impact, a CVSS score, acknowledgment...

7.5CVSS6.7AI score0.01718EPSS
Exploits1References4
OSV
OSV
added 2023/05/10 3:15 p.m.3 views

UBUNTU-CVE-2023-31906

Jerryscript 3.0.0commit 1a2c047 was discovered to contain a heap-buffer-overflow via the component lexercompareidentifiertochars at /jerry-core/parser/js/js-lexer.c...

7.8CVSS5.8AI score0.00317EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/05/10 12:0 a.m.18 views

CVE-2023-31906

Jerryscript 3.0.0commit 1a2c047 was discovered to contain a heap-buffer-overflow via the component lexercompareidentifiertochars at /jerry-core/parser/js/js-lexer.c...

7.8AI score0.00317EPSS
Exploits1References1
CVE
CVE
added 2023/05/10 12:0 a.m.165 views

CVE-2023-31906

CVE-2023-31906 affects JerryScript 3.0.0 (commit 1a2c047). The vulnerability is a heap-buffer-overflow in the JS lexer component, specifically in lexer_compare_identifier_to_chars within /jerry-core/parser/js/js-lexer.c. According to the available documents, this yields a high-severity issue with...

7.8CVSS7.6AI score0.00317EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2023/05/10 12:0 a.m.6 views

JerryScript 缓冲区错误漏洞

JerryScript is a lightweight JavaScript engine from the Jerryscript project. A security vulnerability exists in JerryScript version 3.0.0, which stems from the component lexercompareidentifiertochars in /jerry-core/parser/js/js-lexer.c contains a heap buffer overflow...

7.8CVSS7.6AI score0.00317EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/05/10 12:0 a.m.6 views

PT-2023-23510 · Unknown · Jerryscript

Name of the Vulnerable Software and Affected Versions: Jerryscript version 3.0.0commit 1a2c047 Description: A heap-buffer-overflow issue was discovered in the lexer compare identifier to chars component at /jerry-core/parser/js/js-lexer.c. This issue affects the lexer functionality of the softwar...

7.8CVSS7.4AI score0.00317EPSS
Exploits1References7
OSV
OSV
added 2023/05/10 12:0 a.m.8 views

CVE-2023-31906

Jerryscript 3.0.0commit 1a2c047 was discovered to contain a heap-buffer-overflow via the component lexercompareidentifiertochars at /jerry-core/parser/js/js-lexer.c...

7.8CVSS7.2AI score0.00317EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2023/05/10 12:0 a.m.6 views

The vulnerability of the Sqlalchemy mako Python template library, related to an incorrect regular expression, allows attackers to cause service interruptions.

The vulnerability of the Sqlalchemy mako Python template library is related to insufficient input validation when processing regular expressions in the Lexer class. Exploiting this vulnerability allows a malicious actor to deliver specially crafted data to the application and execute a...

7.8CVSS7.2AI score0.01718EPSS
Exploits1References11Affected Software5
RedHat Linux
RedHat Linux
added 2023/05/09 9:52 a.m.6 views

python-mako: REDoS in Lexer class

A vulnerability was found in the mako package. Affected versions of this package are vulnerable to Regular expression denial of service ReDoS attacks, affecting system availability...

7.5CVSS7.1AI score0.01718EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:16 a.m.5 views

SUSE CVE-2015-5523

The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service crash via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation...

4.3CVSS6.9AI score0.03842EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:53 a.m.5 views

SUSE CVE-2016-10210

libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted rule that is mishandled in the yygetnextbuffer function...

7.5CVSS6.7AI score0.02484EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:25 a.m.3 views

SUSE CVE-2018-14447

trimwhitespace in lexer.l in libConfuse v3.2.1 has an out-of-bounds read...

3.3CVSS7AI score0.01762EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:24 a.m.4 views

SUSE CVE-2022-38234

XPDF commit ffaf11c was discovered to contain a segmentation violation via Lexer::getObjObject at /xpdf/Lexer.cc...

5.5CVSS7.3AI score0.00284EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:24 a.m.3 views

SUSE CVE-2022-38236

XPDF commit ffaf11c was discovered to contain a global-buffer overflow via Lexer::getObjObject at /xpdf/Lexer.cc...

7.8CVSS7.6AI score0.00324EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:23 a.m.3 views

SUSE CVE-2022-40023

Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin...

5.9CVSS8AI score0.01718EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2022/12/14 1:15 p.m.5 views

graphql-java: DoS by malicious query

A flaw was found in GraphQL Java. This flaw allows an attacker to use a malicious query in GraphQL to cause a denial of service due to inefficient lexer input validation...

7.5CVSS6AI score0.02121EPSS
Exploits1References4
OSV
OSV
added 2022/10/19 6:15 p.m.4 views

CVE-2022-42227

jsonlint 1.0 is vulnerable to heap-buffer-overflow via /home/hjsz/jsonlint/src/lexer...

7.5CVSS5.8AI score0.00909EPSS
Exploits1References2
NVD
NVD
added 2022/10/19 6:15 p.m.24 views

CVE-2022-42227

jsonlint 1.0 is vulnerable to heap-buffer-overflow via /home/hjsz/jsonlint/src/lexer...

7.5CVSS0.00909EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/10/19 12:0 a.m.5 views

jsonlint 缓冲区错误漏洞

jsonlint is a lightweight command line tool for validating JSON by the individual developer Pranav. A security vulnerability exists in version 1.0 of jsonlint, which stems from a heap buffer overflow in its /home/hjsz/jsonlint/src/lexer component...

7.5CVSS7.9AI score0.00909EPSS
Exploits1References3
Rows per page
Query Builder