Lucene search
K

91 matches found

Github Security Blog
Github Security Blog
added 2022/06/03 12:0 a.m.125 views

Regular expression denial of service in jquery-validation

An exponential ReDoS Regular Expression Denial of Service can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method...

7.5CVSS4.5AI score0.01327EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2022/06/02 2:15 p.m.5 views

CVE-2022-1929

An exponential ReDoS Regular Expression Denial of Service can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method...

7.5CVSS5.9AI score0.006EPSS
Exploits1References1
OSV
OSV
added 2022/06/02 2:15 p.m.16 views

CVE-2021-43308

An exponential ReDoS Regular Expression Denial of Service can be triggered in the markdown-link-extractor npm package, when an attacker is able to supply arbitrary input to the module's exported function...

7.5CVSS6.8AI score
Exploits0References1
NVD
NVD
added 2022/06/02 2:15 p.m.26 views

CVE-2021-43308

An exponential ReDoS Regular Expression Denial of Service can be triggered in the markdown-link-extractor npm package, when an attacker is able to supply arbitrary input to the module's exported function...

7.5CVSS0.01027EPSS
Exploits1References1
OSV
OSV
added 2022/06/02 2:15 p.m.13 views

CVE-2021-43306

An exponential ReDoS Regular Expression Denial of Service can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method...

7.5CVSS7.5AI score
Exploits0References1
Prion
Prion
added 2022/06/02 2:15 p.m.19 views

Input validation

An exponential ReDoS Regular Expression Denial of Service can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method...

5CVSS7.4AI score0.01327EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2022/06/02 2:15 p.m.23 views

Input validation

An exponential ReDoS Regular Expression Denial of Service can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test method...

5CVSS7.6AI score0.01455EPSS
Exploits1References1Affected Software1
UbuntuCve
UbuntuCve
added 2022/06/02 2:15 p.m.36 views

CVE-2021-43306

An exponential ReDoS Regular Expression Denial of Service can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method...

7.5CVSS7.2AI score0.01327EPSS
Exploits1References3
OSV
OSV
added 2022/06/02 2:15 p.m.2 views

UBUNTU-CVE-2021-43306

An exponential ReDoS Regular Expression Denial of Service can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method...

7.5CVSS7.2AI score0.01327EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/06/01 4:47 p.m.27 views

CVE-2022-1929 Exponential ReDoS in devcert

An exponential ReDoS Regular Expression Denial of Service can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method...

5.9CVSS7.7AI score0.006EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2022/06/01 4:47 p.m.6 views

CVE-2021-43306

An exponential ReDoS Regular Expression Denial of Service can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method...

7.5CVSS7.6AI score0.01327EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2022/06/01 12:0 a.m.2 views

PT-2022-11820 · Npm · Markdown-Link-Extractor

Name of the Vulnerable Software and Affected Versions: markdown-link-extractor npm package affected versions not specified Description: The issue is related to an exponential ReDoS Regular Expression Denial of Service that can be triggered when an attacker supplies arbitrary input to the module's...

7.5CVSS7.3AI score0.01027EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2022/06/01 12:0 a.m.3 views

PT-2022-11818 · Npm · Jquery-Validation

Name of the Vulnerable Software and Affected Versions: jquery-validation npm package affected versions not specified Description: An exponential ReDoS Regular Expression Denial of Service can be triggered in the jquery-validation npm package when an attacker is able to supply arbitrary input to t...

7.5CVSS7.4AI score0.01327EPSS
Exploits1References14
ATTACKERKB
ATTACKERKB
added 2022/05/29 11:5 p.m.3 views

CVE-2021-43308

An exponential ReDoS Regular Expression Denial of Service can be triggered in the markdown-link-extractor npm package, when an attacker is able to supply arbitrary input to the module's exported function...

7.5CVSS7.2AI score0.01027EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/08/13 10:39 p.m.34 views

CVE-2021-21814

Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strlen to determine the ending location of the char passed in by the user, no checks are done to see if the passed in char is longer th...

7.8CVSS8AI score0.00344EPSS
Exploits1References1
CVE
CVE
added 2020/12/15 7:27 p.m.74 views

CVE-2020-25757

CVE-2020-25757 affects D-Link DSR-series VPN routers (DSR-150, DSR-250, DSR-500, DSR-1000AC) running firmware 3.14 and 3.17. The root cause is inadequate input validation and access controls in Lua CGI handlers, allowing user-supplied data to reach system command APIs (os.popen) and enabling arbi...

8.8CVSS8.8AI score0.02044EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2020/04/10 12:47 a.m.29 views

Remote Code Execution (RCE)

Pluggable Authentication Modules PAM is vulnerable to remote code execution RCE. It was discovered that the pamxauth module did not verify the return values of the setuid and setgid system calls. A local, unprivileged user could use this flaw to execute the xauth command with root privileges and...

3.3CVSS4.2AI score0.00366EPSS
Exploits0References24Affected Software1
Prion
Prion
added 2020/01/24 10:15 p.m.19 views

Memory corruption

The rtppacketizexiphconfig function in modules/streamout/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified...

6.8CVSS8AI score0.01486EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2020/01/24 9:57 p.m.27 views

CVE-2014-9630

The rtppacketizexiphconfig function in modules/streamout/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified...

7.8CVSS7.5AI score0.01486EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2019/02/04 7:29 p.m.27 views

CVE-2019-7329

Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $SERVER'PHPSELF' insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS...

6.1CVSS7AI score0.01019EPSS
Exploits1References3
Rows per page
Query Builder