3631 matches found
CVE-2020-36830
The CVE-2020-36830 entry concerns the nescalante urlregex project (Backtracking component, index.js) with a Regular Expression Denial of Service (ReDoS) risk due to inefficient backtracking in the 0.5.0 release. Exploitation is reported to be remote, and public disclosure is noted across sources....
CVE-2020-36830 nescalante urlregex Backtracking index.js redos
A vulnerability was found in nescalante urlregex up to 0.5.0 and classified as problematic. This issue affects some unknown processing of the file index.js of the component Backtracking. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. The...
CVE-2023-7279 Secure Systems Engineering Connaisseur Delegation Name targets_schema.json redos
A vulnerability has been found in Secure Systems Engineering Connaisseur up to 3.3.0 and classified as problematic. This vulnerability affects unknown code of the file connaisseur/res/targets_schema.json of the component Delegation Name Handler. The manipulation leads to inefficient regular...
CVE-2023-7279
CVE-2023-7279 affects Secure Systems Engineering Connaisseur up to version 3.3.0, with the issue localized to the file connaisseur/res/targets_schema.json in the Delegation Name Handler. The vulnerability causes inefficient regular expression complexity; the reported attack complexity is high and...
urlregex security vulnerability
urlregex is a Node and browser URL validation library by individual developer Nicolas Escalante. A security vulnerability exists in urlregex version 0.5.0 and prior versions, in which performing an incorrect operation can lead to inefficient regular expression complexity...
PT-2024-15266 · Secure Systems Engineering · Secure Systems Engineering Connaisseur
Name of the Vulnerable Software and Affected Versions: Secure Systems Engineering Connaisseur versions up to 3.3.0. Description: A vulnerability has been found in Secure Systems Engineering Connaisseur, affecting unknown code of the file connaisseur/res/targets_schema.json of the component...
Missing hostname validation in Kroxylicious
A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perfor...
CVE-2024-8285
A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perfor...
CVE-2024-8285 Kroxylicious: missing upstream kafka tls hostname verification
A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perfor...
ROS-20240826-09
The vulnerability in the Time library of the Ruby interpreter is related to the use of a regular expression with inefficient computational complexity. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service. Vulnerability in the URI component of the Ruby...
Amazon Linux 2 : bind (ALAS-2024-2625)
The version of bind installed on the remote host is prior to 9.11.4-26.P2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2625 advisory. The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problem...
Important: bind
Issue Overview: The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected named instance by exploiting this flaw. This...
ALPINE-CVE-2024-7592
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...
CVE-2024-7592 Quadratic complexity parsing cookies with backslashes
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...
PSF-2024-9
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resourc...
EulerOS Virtualization 2.10.1 : python-idna (EulerOS-SA-2024-2146)
According to the versions of the python-idna package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. Th...
EulerOS Virtualization 2.10.0 : python-idna (EulerOS-SA-2024-2126)
According to the versions of the python-idna package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. Th...
GHSA-H6JQ-W432-J26W Silverpeas vulnerable to password complexity rule bypass
An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements...
CVE-2024-42850
An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements...