
3333 matches found

SUSE CVE
added 2023/02/15 4:12 a.m. | 3 views

SUSE CVE-2019-11388

An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators. NOTE: the software maintainer disputes...

5.3 CVSS | 5.6 AI score | 0.01625 EPSS
Exploits: 1 | References: 3

SUSE CVE
added 2023/02/15 4:12 a.m. | 3 views

SUSE CVE-2019-11390

An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with seterrorhandler at the beginning and nested repetition operators. NOT...

5.3 CVSS | 5.6 AI score | 0.01671 EPSS
Exploits: 1 | References: 3

SUSE CVE
added 2023/02/15 3:51 a.m. | 2 views

SUSE CVE-2020-28493

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the punctuationre regex operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to...

7.5 CVSS | 7 AI score | 0.03546 EPSS
Exploits: 1 | References: 30

SUSE CVE
added 2023/02/15 3:44 a.m. | 2 views

SUSE CVE-2021-27291

In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service...

7.5 CVSS | 7.7 AI score | 0.03832 EPSS
Exploits: 1 | References: 10

SUSE CVE
added 2023/02/15 3:40 a.m. | 3 views

SUSE CVE-2021-32838

Flask-RESTX (pypi package flask-restx) is a community driven fork of Flask-RESTPlus. Flask-RESTX before version 0.5.1 is vulnerable to ReDoS (Regular Expression Denial of Service) in emailregex. This is fixed in version 0.5.1...

7.5 CVSS | 7.6 AI score | 0.01804 EPSS
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 3:22 a.m. | 1 views

SUSE CVE-2022-42969

The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as not bein...

6.5 CVSS | 9.3 AI score | 0.01546 EPSS
Exploits: 1 | References: 16

Veracode
added 2023/02/15 2:2 a.m. | 14 views

Regular Expression Denial Of Service (ReDoS)

simple-markdown is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists due to an insecure Regex pattern used for the match attribute in the autolink object in simple-markdown.js, which allows an attacker to crash the application by providing a maliciously crafted...

7.5 CVSS | 7.1 AI score | 0.01097 EPSS
Exploits: 1 | References: 6 | Affected Software: 1

Tenable Nessus
added 2023/02/15 12:0 a.m. | 24 views

SUSE SLES12 Security Update : python-py (SUSE-SU-2023:0395-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0395-1 advisory. - The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a...

7.5 CVSS | 6.5 AI score | 0.01546 EPSS
Exploits: 1 | References: 4

Veracode
added 2023/02/14 7:21 a.m. | 25 views

Regular Expression Denial Of Service (ReDoS)

sideway/formula is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists in index.js due to regular expression complexity which allows attacker to provide crafted strings to the formula's parser that might lead to polynomial execution time causing an application crash...

6.5 CVSS | 6.3 AI score | 0.00611 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Tenable Nessus
added 2023/02/14 12:0 a.m. | 30 views

openSUSE 15 Security Update : rubygem-globalid (SUSE-SU-2023:0328-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0328-1 advisory. - A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression...

7.5 CVSS | 6.8 AI score | 0.01049 EPSS
Exploits: 0 | References: 4

NVD
added 2023/02/09 8:15 p.m. | 14 views

CVE-2023-22799

A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediate...

7.5 CVSS | 7.4 AI score | 0.01049 EPSS
Exploits: 0 | References: 1

OSV
added 2023/02/09 8:15 p.m. | 19 views

CVE-2023-22799

A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediate...

7.5 CVSS | 7.4 AI score | 0.01049 EPSS
Exploits: 0 | References: 1

UbuntuCve
added 2023/02/09 8:15 p.m. | 20 views

CVE-2023-22799

A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediate...

7.5 CVSS | 6.8 AI score | 0.01049 EPSS
Exploits: 0 | References: 3

Prion
added 2023/02/09 8:15 p.m. | 14 views

Design/Logic Flaw

A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediate...

5 CVSS | 7.3 AI score | 0.01049 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2023/02/09 8:15 p.m. | 0 views

UBUNTU-CVE-2023-22799

A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediate...

7.5 CVSS | 6.8 AI score | 0.01049 EPSS
Exploits: 0 | References: 4

OSV
added 2023/02/09 8:9 a.m. | 5 views

SUSE-SU-2023:0328-1 Security update for rubygem-globalid

This update for rubygem-globalid fixes the following issues: - CVE-2023-22799: Fixed ReDoS vulnerability bsc1207587...

7.5 CVSS | 7.6 AI score | 0.01049 EPSS
Exploits: 0 | References: 3

Veracode
added 2023/02/09 1:55 a.m. | 14 views

Regular Expression Denial Of Service (ReDoS)

switcher-client is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists due to unsanitized input used in the library's strategy match operation EXIST, allowing an attacker to crash the application by providing a maliciously crafted input...

8.6 CVSS | 7.1 AI score | 0.00541 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2023/02/09 12:0 a.m. | 262 views

CVE-2023-22799

CVE-2023-22799 describes a ReDoS-based DoS in the Ruby GlobalID gem prior to 1.0.1. The vulnerability arises from a crafted input causing the regular expression engine to take excessive time, potentially impacting availability for systems using GlobalID.

7.5 CVSS | 7.3 AI score | 0.01049 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Debian CVE
added 2023/02/09 12:0 a.m. | 21 views

CVE-2023-22799

A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediate...

7.5 CVSS | 6.6 AI score | 0.01049 EPSS
Exploits: 0

Cvelist
added 2023/02/09 12:0 a.m. | 20 views

CVE-2023-22799

A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediate...

7.6 AI score | 0.01049 EPSS
Exploits: 0 | References: 1