Lucene search
K

204 matches found

CNVD
CNVD
added 2015/12/02 12:0 a.m.4 views

PCRE Denial of Service Vulnerability (CNVD-2015-07889)

PCRE Perl Compatible Regular Expressions is a software developer Philip Hazel developed a use of C language written in open source regular expression library. A security vulnerability exists in PCRE versions prior to 8.38, which stems from the program's failure to properly handle '? ' and '? R'...

9.8CVSS9.2AI score0.04815EPSS
Exploits0References1
CNVD
CNVD
added 2015/12/02 12:0 a.m.10 views

PCRE 'match' Function Information Disclosure Vulnerability

PCRE Perl Compatible Regular Expressions is a software developer Philip Hazel developed a use of C language written in open source regular expression library. A security vulnerability exists in the 'match' function in the pcreexec.c file in versions of PCRE prior to 8.37, which stems from the...

6.4CVSS9.3AI score0.04072EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2015/12/01 12:0 a.m.3 views

PT-2015-7784 · Philip Hazel +2 · Pcre +2

Name of the Vulnerable Software and Affected Versions: PCRE versions prior to 8.38 Description: The issue concerns the mishandling of certain repeated conditional groups in regular expressions, which can be exploited by remote attackers to cause a denial of service buffer overflow or possibly hav...

9.8CVSS7.7AI score0.09157EPSS
Exploits12References123
Positive Technologies
Positive Technologies
added 2015/12/01 12:0 a.m.3 views

PT-2015-7793 · Philip Hazel +2 · Pcre +2

Name of the Vulnerable Software and Affected Versions: PCRE versions prior to 8.38 Description: The issue concerns the mishandling of the -q option for binary files by pcregrep in PCRE, potentially allowing remote attackers to obtain sensitive information via a crafted file. This could be exploit...

9.8CVSS7AI score0.09157EPSS
Exploits12References122
Positive Technologies
Positive Technologies
added 2015/12/01 12:0 a.m.6 views

PT-2015-7790 · Pcre +4 · Pcre +4

Name of the Vulnerable Software and Affected Versions: PCRE versions prior to 8.38 Description: The issue allows remote attackers to cause a denial of service infinite recursion or possibly have unspecified other impact via a crafted regular expression, such as the /?:|a|100x/ pattern and related...

9.8CVSS8AI score0.09157EPSS
Exploits12References123
OSV
OSV
added 2015/12/01 12:0 a.m.4 views

UBUNTU-CVE-2015-8386

PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service buffer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp...

9.8CVSS7.2AI score0.07059EPSS
Exploits0References5
OSV
OSV
added 2015/12/01 12:0 a.m.6 views

UBUNTU-CVE-2015-8383

PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service buffer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror...

9.8CVSS7.2AI score0.06077EPSS
Exploits0References5
OSV
OSV
added 2015/12/01 12:0 a.m.4 views

UBUNTU-CVE-2015-8392

PCRE before 8.38 mishandles certain instances of the ?| substring, which allows remote attackers to cause a denial of service unintended recursion and buffer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object...

7.5CVSS7.4AI score0.03558EPSS
Exploits0References5
OSV
OSV
added 2015/12/01 12:0 a.m.6 views

UBUNTU-CVE-2015-8394

PCRE before 8.38 mishandles the ? and ?R conditions, which allows remote attackers to cause a denial of service integer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror...

9.8CVSS7.2AI score0.04815EPSS
Exploits0References5
OSV
OSV
added 2015/12/01 12:0 a.m.4 views

UBUNTU-CVE-2015-8387

PCRE before 8.38 mishandles ?123 subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service integer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by...

7.3CVSS7.2AI score0.03641EPSS
Exploits0References5
OSV
OSV
added 2015/12/01 12:0 a.m.5 views

UBUNTU-CVE-2015-8388

PCRE before 8.38 mishandles the /?=di?=?1|?=./ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service buffer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript...

7.5CVSS7.2AI score0.06587EPSS
Exploits0References5
OSV
OSV
added 2015/12/01 12:0 a.m.5 views

UBUNTU-CVE-2015-8384

PCRE before 8.38 mishandles the /?J?'d'?'d'\gd/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service buffer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScri...

7.5CVSS7.2AI score0.03399EPSS
Exploits0References5
OSV
OSV
added 2015/12/01 12:0 a.m.4 views

UBUNTU-CVE-2015-8390

PCRE before 8.38 mishandles the : and \ substrings in character classes, which allows remote attackers to cause a denial of service uninitialized memory read or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by...

9.8CVSS7.2AI score0.04618EPSS
Exploits0References5
OSV
OSV
added 2015/12/01 12:0 a.m.4 views

UBUNTU-CVE-2015-8381

The compileregex function in pcrecompile.c in PCRE before 8.38 and pcre2compile.c in PCRE2 before 10.2x mishandles the /?J:?|:?|?'R'\k'R'|?'R'H'Rk'Rf|s?'R'/ and /?J:?|:?|?'R'\z?|?'R'\k'R'|?'R'k'R'|?'R'H'Ak'Rf|s?'R'/ patterns, and related patterns with certain group references, which allows remote...

7.5CVSS7.4AI score0.05286EPSS
Exploits1References7
OSV
OSV
added 2015/12/01 12:0 a.m.6 views

UBUNTU-CVE-2015-8385

PCRE before 8.38 mishandles the /?|\k'Pm'|?'Pm'/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service buffer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript...

7.5CVSS7.2AI score0.05623EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2015/11/19 12:0 a.m.5 views

pcre: infinite recursion compiling pattern with zero-repeated groups that include recursive back reference (8.36/19)

PCRE before 8.36 mishandles the /a\2|a\g/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service segmentation fault or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a...

7.5CVSS7.4AI score0.04049EPSS
Exploits1References4
Fedora
Fedora
added 2015/09/11 5:28 p.m.19 views

[SECURITY] Fedora 22 Update: pcre-8.37-4.fc22

Perl-compatible regular expression library. PCRE has its own native API, but a set of "wrapper" functions that are base d on the POSIX API are also supplied in the library libpcreposix. Note that this just provides a POSIX calling interface to PCRE: the regular expressions themselves still follow...

1.1AI score
Exploits0
Fedora
Fedora
added 2015/08/27 6:5 p.m.17 views

[SECURITY] Fedora 23 Update: pcre-8.37-4.fc23

Perl-compatible regular expression library. PCRE has its own native API, but a set of "wrapper" functions that are base d on the POSIX API are also supplied in the library libpcreposix. Note that this just provides a POSIX calling interface to PCRE: the regular expressions themselves still follow...

1.1AI score
Exploits0
OpenVAS
OpenVAS
added 2015/08/18 12:0 a.m.40 views

IPFire < 2.17 - Core Update 93 Multiple Vulnerabilities

IPFire is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

9.1CVSS9.9AI score0.07673EPSS
Exploits1References1
Fedora
Fedora
added 2015/08/13 4:57 p.m.40 views

[SECURITY] Fedora 22 Update: pcre-8.37-3.fc22

Perl-compatible regular expression library. PCRE has its own native API, but a set of "wrapper" functions that are base d on the POSIX API are also supplied in the library libpcreposix. Note that this just provides a POSIX calling interface to PCRE: the regular expressions themselves still follow...

9.8CVSS1.1AI score0.09157EPSS
Exploits2
Rows per page
Query Builder