
3333 matches found

Cvelist
added 2023/08/25 2:18 a.m. · 39 views

CVE-2023-40599

Regular expression Denial-of-Service ReDoS exists in multiple add-ons for Mailform Pro CGI 4.3.1.3 and earlier, which allows a remote unauthenticated attacker to cause a denial-of-service condition. Affected add-ons are as follows: call/call.js, prefcodeadv/search.cgi, estimate/estimate.js,...

7.7 AI score · 0.00672 EPSS
Exploits 0 · References 2

CVE
added 2023/08/25 2:18 a.m. · 51 views

CVE-2023-40599

CVE-2023-40599 affects Mailform Pro CGI (4.3.1.3 and earlier). The ReDoS flaw is in multiple add-on files: call/call.js, prefcodeadv/search.cgi, estimate/estimate.js, search/search.js, suggest/suggest.js, and coupon/coupon.js. Root cause: regular-expression Denial-of-Service vulnerability leading...

7.5 CVSS · 7.5 AI score · 0.00672 EPSS
Exploits 0 · References 2 · Affected Software 1

Japan Vulnerability Notes
added 2023/08/24 12:0 a.m. · 59 views

JVN#86484824: SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)

Mailform Pro CGI provided by SYNCK GRAPHICA contains a Regular expression Denial-of-Service ReDoS vulnerability CWE-1333, CVE-2023-40599. This vulnerability is a similar issue as CVE-2023-32610 published on JVN on June 20, 2023, and was newly discovered in several Add-ons listed above. Impact A...

7.5 CVSS · 7.3 AI score · 0.01226 EPSS
Exploits 0

Tenable Nessus
added 2023/08/23 12:0 a.m. · 13 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-configobj (SUSE-SU-2023:3369-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3369-1 advisory. - CVE-2023-26112: Fixed regular expression denial of service vulnerability in validate.py bsc1210070...

5.9 CVSS · 6.2 AI score · 0.01259 EPSS
Exploits 1 · References 4

Tenable Nessus
added 2023/08/23 12:0 a.m. · 14 views

SUSE SLES12 Security Update : python-configobj (SUSE-SU-2023:3368-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3368-1 advisory. - CVE-2023-26112: Fixed regular expression denial of service vulnerability in validate.py bsc1210070. Tenable has extracted the preceding...

5.9 CVSS · 6.2 AI score · 0.01259 EPSS
Exploits 1 · References 4

Tenable Nessus
added 2023/08/14 12:0 a.m. · 28 views

Amazon Linux 2 : python-configobj (ALAS-2023-2188)

The version of python-configobj installed on the remote host is prior to 4.7.2-7. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2188 advisory. All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate...

5.9 CVSS · 5.5 AI score · 0.01259 EPSS
Exploits 1 · References 4

Tenable Nessus
added 2023/08/14 12:0 a.m. · 36 views

Amazon Linux 2 : python-pygments (ALAS-2023-2198)

The version of python-pygments installed on the remote host is prior to 1.4-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2198 advisory. In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some o...

7.5 CVSS · 7.4 AI score · 0.03832 EPSS
Exploits 1 · References 4

Amazon
added 2023/08/07 12:0 a.m. · 24 views

Low: python-configobj

Issue Overview: All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate function, using .+?\.\. Note: This is only exploitable in the case of a developer, putting the offending value in a server side configuration file. CVE-2023-26112...

5.9 CVSS · 6 AI score · 0.01259 EPSS
Exploits 1

OSV
added 2023/08/06 11:5 a.m. · 2 views

OESA-2023-1479 python-pygments security update

Pygments is a generic syntax highlighter suitable for use in code hosting, forums, wikis or other applications that need to prettify source code. Security Fixes: A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer. CVE-2022-40896...

5.5 CVSS · 7.3 AI score · 0.00503 EPSS
Exploits 1 · References 2

Veracode
added 2023/08/06 10:21 a.m. · 22 views

Regular Expression Denial Of Service (ReDoS)

gitlab is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists due to the insecure Regex pattern used in the DollarMathPostFilter, which allows an attacker to crash the application by sending maliciously crafted payloads to the previewmarkdown endpoint...

7.5 CVSS · 6.7 AI score · 0.01325 EPSS
Exploits 0 · References 4 · Affected Software 1

Veracode
added 2023/08/06 10:17 a.m. · 18 views

Regular Expression Denial Of Service (ReDoS)

gitlab is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists due to the insecure Regex pattern used in the library, which allows an attacker to crash the application by sending maliciously crafted payloads to the previewmarkdown endpoint...

7.5 CVSS · 6.7 AI score · 0.01325 EPSS
Exploits 0 · References 4 · Affected Software 1

CNNVD
added 2023/08/01 12:0 a.m. · 4 views

GitLab Resource Management Error Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A resource management error vulnerability exists in GitLab CE/EE, which stems...

7.5 CVSS · 7 AI score · 0.44675 EPSS
Exploits 0 · References 4

FreeBSD
added 2023/08/01 12:0 a.m. · 27 views

Gitlab -- Vulnerabilities

Gitlab reports: ReDoS via ProjectReferenceFilter in any Markdown fields ReDoS via AutolinkFilter in any Markdown fields Regex DoS in Harbor Registry search Arbitrary read of files owned by the "git" user via malicious tar.gz file upload using GitLab export functionality Stored XSS in Web IDE Beta...

9.8 CVSS · 6.5 AI score · 0.63765 EPSS
Exploits 2 · References 1

OSV
added 2023/07/25 3:15 p.m. · 2 views

CVE-2023-39174

In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers...

7.5 CVSS · 5.8 AI score · 0.01417 EPSS
Exploits 0 · References 1

NVD
added 2023/07/25 3:15 p.m. · 10 views

CVE-2023-39174

In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers...

7.5 CVSS · 5.9 AI score · 0.01417 EPSS
Exploits 0 · References 1

Prion
added 2023/07/25 3:15 p.m. · 29 views

Information disclosure

In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers...

5 CVSS · 7.5 AI score · 0.01417 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/07/25 2:45 p.m. · 16 views

CVE-2023-39174

In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers...

4.3 CVSS · 8 AI score · 0.01417 EPSS
Exploits 0 · References 1

CVE
added 2023/07/25 2:45 p.m. · 49 views

CVE-2023-39174

JetBrains TeamCity prior to 2023.05.2 is affected by CVE-2023-39174 due to a Regular Expression Denial of Service (ReDoS) flaw introduced by the integration with issue trackers. Documented impact is a potential DoS; no exploitation details are provided. Mitigation per connected sources is to upgr...

7.5 CVSS · 7.5 AI score · 0.01417 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2023/07/25 2:45 p.m. · 18 views

CVE-2023-39174

In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers...

4.3 CVSS · 6.9 AI score · 0.01417 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/07/25 12:0 a.m. · 4 views

PT-2023-26829 · Jetbrains · Teamcity

Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2023.05.2 Description: A ReDoS attack was possible via integration with issue trackers. This issue allows for a denial-of-service attack by exploiting regular expressions. Recommendations: For versions pri...

7.5 CVSS · 7.4 AI score · 0.01417 EPSS
Exploits 0 · References 5