1353 matches found
Regular Expression Denial of Service (ReDoS)
Overview: angular is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML's syntax to express your application's components clearly and succinctly. Affected versions of this package...
10.30.npm-learning (>=1.0.0 <=1.1.0), 2017_node (=1.0.0) +3265 more potentially affected by CVE-2024-21490 via angular (>=1.3.11 <=1.8.3)
angular NPM version =1.3.11, =1.0.0, =4.13.7-rc4, =1.103.1, =1.103.1, =1.102.4, =1.102.3, =1.102.3, =1.4.156, =1.0.3, =1.0.0, =1.0.0, =0.5.0, =0.5.2 and more Source cves: CVE-2024-21490 Source advisory: SNYK:JS-ANGULAR-6091113...
PT-2023-9165
Name of the Vulnerable Software and Affected Versions: angular versions 1.3.0 and later. Description: A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic...
The vulnerability of the IBM TXSeries transaction application management software for multiple platforms is related to an implementation error in Angular templates, which allows attackers to trigger a service failure.
The vulnerability of the IBM TXSeries transaction application management software for multiple platforms is related to an implementation error in Angular templates. Exploiting this vulnerability can allow a malicious actor to trigger a service failure through a specially crafted request...
@agentlab/ldkg-ui-basetable (=0.1.1), @agentlab/ldkg-ui-charts (>=0.1.2 <=0.1.7) +330 more potentially affected by CVE-2023-48219 via tinymce (>=4.5.1 <=5.10.8)
tinymce NPM version =4.5.1, =0.1.2, =0.3.7, =0.1.17, =1.0.0, =1.0.0, =1.33.0, =1.0.0-alpha.39-baliz, =4.3.0, =0.5.0, =0.1.0, =0.0.4, =0.1.2, =0.8.4, =0.8.5 and more Source cves: CVE-2023-48219 Source advisory: OSV:GHSA-V626-R774-J7F8...
Fedora 39 : icecat (2023-035866b576)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-035866b576 advisory. - Release 115.3.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...
Fedora 38 : icecat (2023-7342330743)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-7342330743 advisory. - Release 115.3.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...
The vulnerability of the $resource service in the Angular application and single-page application development platforms, related to the use of a regular expression with inefficient computational complexity, allows attackers to trigger service failures.
The vulnerability of the application development environment and the Angular single-page application platform is related to the use of a regular expression with inefficient computational complexity. Exploiting this vulnerability could allow an attacker to cause service failures...
The vulnerability of the application development environment and the Angular development platform, which exists due to the lack of measures taken to protect the structure of web pages, allows attackers to carry out XSS attacks.
The vulnerability of the application development environment and the Angular single-page application platform exists due to the lack of measures taken to protect the web page structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
Security Bulletin: Multiple Angular vulnerabilities affects IBM Tivoli Business Service Manager (CVE-2023-26116, CVE-2023-26117, CVE-2023-26118, CVE-2022-25869, CVE-2022-25844)
Summary: Angular is shipped with IBM Tivoli Business Service Manager as a component of its dashboard interface. Information about security vulnerabilities affecting Angular has been published in a security bulletin. Vulnerability Details: CVEID: CVE-2023-26116 DESCRIPTION: AngularJS is vulnerable t...
The vulnerability of the angular.copy() function in the application design environment and the Angular development platform allows an attacker to trigger a service failure.
The vulnerability of the angular.copy function in the application and platform development environment for one-page applications related to Angular involves the use of a regular expression with inefficient computational complexity. Exploiting this vulnerability could allow an attacker to cause...
The vulnerability of the input[url] function in the application development environment and the Angular platform allows attackers to trigger a service failure.
The vulnerability of the input[url] function in the application development environment and the Angular platform is related to the use of a regular expression with inefficient computational complexity. Exploiting this vulnerability could allow an attacker to cause service failures remotely...
The vulnerability of the $resource service in the Angular application and single-page application development platform allows an attacker to cause a service failure.
The vulnerability of the $resource service in the Angular application and single-page application development platforms is related to the use of a regular expression with inefficient computational complexity. Exploiting this vulnerability could allow an attacker to cause service failures remotely...
CVE-2023-26270
IBM Security Guardium Data Encryption IBM Guardium Cloud Key Manager GCKM 1.10.3 could allow a remote attacker to execute arbitrary code on the system, caused by an angular template injection flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to execute...
Sql injection
IBM Security Guardium Data Encryption IBM Guardium Cloud Key Manager GCKM 1.10.3 could allow a remote attacker to execute arbitrary code on the system, caused by an angular template injection flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to execute...
CVE-2023-26270
CVE-2023-26270 affects IBM Guardium Data Encryption (GDE) Guardium Cloud Key Manager (GCKM) 1.10.3. The root cause is an Angular template injection flaw that could allow a remote attacker to execute arbitrary code. IBM and related sources list the remediation as upgrading to GCKM 1.10.4. Public r...
CVE-2023-26270 IBM Security Guardium Data Encryption code execution
IBM Security Guardium Data Encryption IBM Guardium Cloud Key Manager GCKM 1.10.3 could allow a remote attacker to execute arbitrary code on the system, caused by an angular template injection flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to execute...
GHSA-QFW7-PFXX-H9Q2 OpenNMS vulnerable to Cross-site Scripting
Multiple stored XSS were found on different JSP files with unsanitized parameters in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that allow an attacker to store on database and then load on JSPs or Angular templates. The solution is to upgrade to Meridian 2023.1....