91 matches found
Regular expression denial of service in jquery-validation
An exponential ReDoS Regular Expression Denial of Service can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method...
CVE-2022-1929
An exponential ReDoS Regular Expression Denial of Service can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method...
CVE-2021-43308
An exponential ReDoS Regular Expression Denial of Service can be triggered in the markdown-link-extractor npm package, when an attacker is able to supply arbitrary input to the module's exported function...
CVE-2021-43308
An exponential ReDoS Regular Expression Denial of Service can be triggered in the markdown-link-extractor npm package, when an attacker is able to supply arbitrary input to the module's exported function...
CVE-2021-43306
An exponential ReDoS Regular Expression Denial of Service can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method...
Input validation
An exponential ReDoS Regular Expression Denial of Service can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method...
Input validation
An exponential ReDoS Regular Expression Denial of Service can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test method...
CVE-2021-43306
An exponential ReDoS Regular Expression Denial of Service can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method...
UBUNTU-CVE-2021-43306
An exponential ReDoS Regular Expression Denial of Service can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method...
CVE-2022-1929 Exponential ReDoS in devcert
An exponential ReDoS Regular Expression Denial of Service can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method...
CVE-2021-43306
An exponential ReDoS Regular Expression Denial of Service can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method...
PT-2022-11820 · Npm · Markdown-Link-Extractor
Name of the Vulnerable Software and Affected Versions: markdown-link-extractor npm package affected versions not specified Description: The issue is related to an exponential ReDoS Regular Expression Denial of Service that can be triggered when an attacker supplies arbitrary input to the module's...
PT-2022-11818 · Npm · Jquery-Validation
Name of the Vulnerable Software and Affected Versions: jquery-validation npm package affected versions not specified Description: An exponential ReDoS Regular Expression Denial of Service can be triggered in the jquery-validation npm package when an attacker is able to supply arbitrary input to t...
CVE-2021-43308
An exponential ReDoS Regular Expression Denial of Service can be triggered in the markdown-link-extractor npm package, when an attacker is able to supply arbitrary input to the module's exported function...
CVE-2021-21814
Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strlen to determine the ending location of the char passed in by the user, no checks are done to see if the passed in char is longer th...
CVE-2020-25757
CVE-2020-25757 affects D-Link DSR-series VPN routers (DSR-150, DSR-250, DSR-500, DSR-1000AC) running firmware 3.14 and 3.17. The root cause is inadequate input validation and access controls in Lua CGI handlers, allowing user-supplied data to reach system command APIs (os.popen) and enabling arbi...
Remote Code Execution (RCE)
Pluggable Authentication Modules PAM is vulnerable to remote code execution RCE. It was discovered that the pamxauth module did not verify the return values of the setuid and setgid system calls. A local, unprivileged user could use this flaw to execute the xauth command with root privileges and...
Memory corruption
The rtppacketizexiphconfig function in modules/streamout/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified...
CVE-2014-9630
The rtppacketizexiphconfig function in modules/streamout/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified...
CVE-2019-7329
Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $SERVER'PHPSELF' insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS...