
111 matches found

Cvelist
added 2025/05/15 11:0 p.m. · 33 views

CVE-2025-4727 Meteor livedata_server.js Object.assign redos

A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedata_server.js. The manipulation of the argument forwardedFor leads to inefficient regular expression complexity. The attack may be...

CVSS 6.3 · EPSS 0.00591
Exploits 1 · References 7

OSV
added 2025/04/27 9:15 p.m. · 4 views

CVE-2025-3986

A vulnerability was found in Apereo CAS 5.2.6. It has been declared as problematic. This vulnerability affects unknown code of the file cas-5.2.6\core\cas-server-core-configuration-metadata-repository\src\main\java\org\apereo\cas\metadata\rest\CasConfigurationMetadataServerController.java. The...

CVSS 7.5 · AI score 6.5
Exploits 0 · References 4

Vulnrichment
added 2025/04/27 9:0 p.m. · 9 views

CVE-2025-3986 Apereo CAS CasConfigurationMetadataServerController.java redos

A vulnerability was found in Apereo CAS 5.2.6. It has been declared as problematic. This vulnerability affects unknown code of the file cas-5.2.6\core\cas-server-core-configuration-metadata-repository\src\main\java\org\apereo\cas\metadata\rest\CasConfigurationMetadataServerController.java. The...

CVSS 5.3 · AI score 4.7 · EPSS 0.00516
Exploits 0 · References 4

CNNVD
added 2025/04/27 12:0 a.m. · 4 views

Apereo CAS Security Vulnerability

Apereo CAS is a web-based enterprise multilingual single sign-on solution from Apereo open source. A security vulnerability exists in Apereo CAS version 5.2.6, which stems from the file cas-5.2.6webapp-mgmtcas-management-webapp-...

CVSS 5.1 · AI score 4.1 · EPSS 0.00522
Exploits 0 · References 5

CNNVD
added 2025/04/27 12:0 a.m. · 4 views

Apereo CAS Security Vulnerability

Apereo CAS is a web-based enterprise multilingual single sign-on solution from Apereo open source. A security vulnerability exists in Apereo CAS version 5.2.6, which originates from the file cas-5.2.6\core\cas-server-core-configuration-metadata-repository\src\main\java\org\apereo\cas\metadata Parameter Na...

CVSS 7.5 · AI score 4.7 · EPSS 0.00516
Exploits 0 · References 5

OSV
added 2025/03/27 4:15 a.m. · 3 views

CVE-2025-2833

A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to inefficient regular expression complexity. It is possible to launch th...

CVSS 6.9 · AI score 4.8 · EPSS 0.00672
Exploits 1 · References 5

NVD
added 2025/03/20 10:15 a.m. · 7 views

CVE-2024-10550

A vulnerability in the /3/ParseSetup endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint applies a user-specified regular expression to a user-controllable string. This can be exploited by an attacker to cause inefficient regular expression complexity,...

CVSS 7.5 · EPSS 0.00588
Exploits 1 · References 1

Github Security Blog
added 2025/02/12 7:23 p.m. · 15 views

Inefficient Regular Expression Complexity in koa

Summary: Koa uses an evil regex to parse the X-Forwarded-Proto and X-Forwarded-Host HTTP headers. This can be exploited to carry out a Denial-of-Service attack. PoC: Coming soon. Impact: This is a Regex Denial-of-Service attack and causes memory exhaustion. The regex should be improved and empty...

CVSS 9.2 · AI score 6.7 · EPSS 0.0077
Exploits 0 · References 7 · Affected Software 1

OSV
added 2024/11/25 6:32 p.m. · 2 views

GHSA-WQ8X-CG39-8MRR org.keycloak:keycloak-services has Inefficient Regular Expression Complexity

A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity...

CVSS 7.1 · AI score 6.1 · EPSS 0.01264
Exploits 0 · References 10

Github Security Blog
added 2024/11/25 9:30 a.m. · 11 views

Duplicate Advisory: org.keycloak:keycloak-services has Inefficient Regular Expression Complexity

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-wq8x-cg39-8mrr. This link is maintained to preserve external references. Original Description: A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils metho...

CVSS 6.5 · AI score 6.9 · EPSS 0.01264
Exploits 0 · References 8 · Affected Software 1

OSV
added 2024/11/25 9:30 a.m. · 4 views

GHSA-J3X3-R585-4QHG Duplicate Advisory: org.keycloak:keycloak-services has Inefficient Regular Expression Complexity

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-wq8x-cg39-8mrr. This link is maintained to preserve external references. Original Description: A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils metho...

CVSS 6.5 · AI score 5.7 · EPSS 0.01264
Exploits 0 · References 7

NVD
added 2024/11/25 8:15 a.m. · 17 views

CVE-2024-10270

A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity...

CVSS 6.5 · EPSS 0.01264
Exploits 0 · References 8

Vulnrichment
added 2024/11/25 7:37 a.m. · 12 views

CVE-2024-10270 Org.keycloak:keycloak-services: keycloak denial of service

A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity...

CVSS 6.5 · AI score 6.3 · EPSS 0.01264
Exploits 0 · References 8

Cvelist
added 2024/11/25 7:37 a.m. · 27 views

CVE-2024-10270 Org.keycloak:keycloak-services: keycloak denial of service

A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity...

CVSS 6.5 · EPSS 0.01264
Exploits 0 · References 8

CVE
added 2024/11/25 7:37 a.m. · 303 views

CVE-2024-10270

CVE-2024-10270 affects org.keycloak:keycloak-services. Provided connected advisories confirm an inefficient regular expression in SearchQueryUtils could cause DoS by exhausting resources. The vulnerability is described consistently across sources (Keycloak-Services DoS via untrusted input in Sear...

CVSS 6.5 · AI score 6.3 · EPSS 0.01264
Exploits 0 · References 8

RedhatCVE
added 2024/11/21 5:24 p.m. · 13 views

CVE-2024-10270

A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity...

CVSS 6.5 · AI score 6.5 · EPSS 0.01264
Exploits 0 · References 3

Positive Technologies
added 2024/09/02 12:0 a.m. · 6 views

PT-2024-15266 · Secure Systems Engineering · Secure Systems Engineering Connaisseur

Name of the Vulnerable Software and Affected Versions: Secure Systems Engineering Connaisseur versions up to 3.3.0 Description: A vulnerability has been found in Secure Systems Engineering Connaisseur, affecting unknown code of the file connaisseur/res/targets schema.json of the component...

CVSS 5.9 · AI score 4.5 · EPSS 0.00537
Exploits 0 · References 24

Tenable Nessus
added 2023/06/22 12:0 a.m. · 34 views

SUSE SLES15: bind / bind-chrootenv / bind-devel / bind-devel-32bit / bind-doc / etc (SUSE-SU-2023:2578-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2578-1 advisory. bind: - Provide bind dependencies and solve installation issues on SUSE Linux Enterprise Micro - There are no source...

CVSS 9.8 · AI score 6.8 · EPSS 0.68603
Exploits 9 · References 47

Veracode
added 2023/04/10 9:2 a.m. · 23 views

Regular Expression Denial Of Service (ReDoS)

configobj is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regex complexity via the validate function, which can lead to a Denial of Service if an attacker is able to control the input being parsed...

CVSS 5.9 · AI score 5.7 · EPSS 0.01259
Exploits 1 · References 5 · Affected Software 1

SUSE CVE
added 2023/02/15 4:2 a.m. · 6 views

SUSE CVE-2020-6817

bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']})...

CVSS 7.5 · AI score 6.8 · EPSS 0.00718
Exploits 1 · References 5