3627 matches found

SUSE CVE
added 2023/02/15 3:49 a.m. · 4 views

SUSE CVE-2021-3563

A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified, allowing attackers to bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity...

CVSS 7.4 · AI score 6.4 · EPSS 0.01272
Exploits 1 · References 3

SUSE CVE
added 2023/02/15 3:32 a.m. · 1 views

SUSE CVE-2022-2596

Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch prior to 3.2.10...

CVSS 5.9 · AI score 6.4 · EPSS 0.01104
Exploits 1 · References 3

SUSE CVE
added 2023/02/15 3:23 a.m. · 2 views

SUSE CVE-2022-40188

Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets...

CVSS 7.5 · AI score 7.3 · EPSS 0.01454
Exploits 0 · References 3

ICS
added 2023/02/14 12:0 a.m. · 54 views

Siemens Solid Edge

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVSS 7.8 · AI score 8.2 · EPSS 0.02775
Exploits 0 · References 11

NVD
added 2023/02/12 9:15 p.m. · 9 views

CVE-2020-36661

A vulnerability was found in Kong lua-multipart 0.5.8-1. It has been declared as problematic. This vulnerability affects the function is_header of the file src/multipart.lua. The manipulation leads to inefficient regular expression complexity. Upgrading to version 0.5.9-1 is able to address this...

CVSS 7.5 · AI score 5 · EPSS 0.0092
Exploits 0 · References 5

Prion
added 2023/02/12 9:15 p.m. · 19 views

Information disclosure

A vulnerability was found in Kong lua-multipart 0.5.8-1. It has been declared as problematic. This vulnerability affects the function is_header of the file src/multipart.lua. The manipulation leads to inefficient regular expression complexity. Upgrading to version 0.5.9-1 is able to address this...

CVSS 5 · AI score 7.6 · EPSS 0.0092
Exploits 0 · References 5 · Affected Software 1

CVE
added 2023/02/12 8:31 p.m. · 54 views

CVE-2020-36661

CVE-2020-36661 affects Kong lua-multipart 0.5.8-1. The vulnerability resides in the is_header function in src/multipart.lua, causing inefficient regular expression complexity (redos). The issue has a stated fix: upgrade to version 0.5.9-1, with the patch identified as d632e5df43a2928fd537784a99a7...

CVSS 7.5 · AI score 5.6 · EPSS 0.0092
Exploits 0 · References 5 · Affected Software 1

GitHub Security Blog
added 2023/02/12 3:30 p.m. · 22 views

Regular Expression Denial of Service in simple-markdown

A vulnerability, which was classified as problematic, was found in simple-markdown 0.6.0. Affected is an unknown function of the file simple-markdown.js. The manipulation with the input :/:/:/:/:/:/:/:/:/:/ leads to inefficient regular expression complexity. It is possible to launch the attack...

CVSS 7.5 · AI score 3.1 · EPSS 0.01097
Exploits 1 · References 7 · Affected Software 1

OSV
added 2023/02/12 3:30 p.m. · 20 views

GHSA-GPVJ-GP8C-C7P2 Regular Expression Denial of Service in simple-markdown

A vulnerability has been found in simple-markdown 0.5.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file simple-markdown.js. The manipulation leads to inefficient regular expression complexity. The attack can be launched remotely. Upgrading to...

CVSS 7.5 · AI score 7.6 · EPSS 0.0094
Exploits 0 · References 8

GitHub Security Blog
added 2023/02/12 3:30 p.m. · 29 views

Regular Expression Denial of Service in simple-markdown

A vulnerability has been found in simple-markdown 0.5.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file simple-markdown.js. The manipulation leads to inefficient regular expression complexity. The attack can be launched remotely. Upgrading to...

CVSS 7.5 · AI score 4.7 · EPSS 0.0094
Exploits 0 · References 8 · Affected Software 1

Cvelist
added 2023/02/12 1:31 p.m. · 24 views

CVE-2019-25102 simple-markdown simple-markdown.js redos

A vulnerability, which was classified as problematic, was found in simple-markdown 0.6.0. Affected is an unknown function of the file simple-markdown.js. The manipulation with the input :/:/:/:/:/:/:/:/:/:/ leads to inefficient regular expression complexity. It is possible to launch the attack...

CVSS 4.3 · AI score 7.6 · EPSS 0.01097
Exploits 1 · References 5

Cvelist
added 2023/02/12 7:37 a.m. · 23 views

CVE-2023-0785 SourceCodester Best Online News Portal check_availability.php information exposure

A vulnerability classified as problematic was found in SourceCodester Best Online News Portal 1.0. Affected by this vulnerability is an unknown functionality of the file check_availability.php. The manipulation of the argument username leads to exposure of sensitive information through data querie...

CVSS 3.7 · AI score 4.5 · EPSS 0.00851
Exploits 1 · References 3

CNNVD
added 2023/02/12 12:0 a.m. · 4 views

lua-multipart security vulnerability

lua-multipart is a Lua library for parsing and editing multipart/form-data data. A security vulnerability exists in Kong lua-multipart version 0.5.8-1. An attacker has exploited the vulnerability to reduce regular expression complexity...

CVSS 7.5 · AI score 5.6 · EPSS 0.0092
Exploits 0 · References 7

CNNVD
added 2023/02/12 12:0 a.m. · 2 views

simple-markdown security vulnerability

Khan Academy simple-markdown is a Markdown parser. A security vulnerability exists in simple-markdown version 0.6.0. An attacker has exploited the vulnerability to reduce regular expression complexity...

CVSS 7.5 · AI score 5.6 · EPSS 0.01097
Exploits 1 · References 6

CNNVD
added 2023/02/12 12:0 a.m. · 2 views

simple-markdown security vulnerability

Khan Academy simple-markdown is a Markdown parser. A security vulnerability exists in simple-markdown version 0.5.1. An attacker has exploited the vulnerability to reduce regular expression complexity...

CVSS 7.5 · AI score 5.6 · EPSS 0.0094
Exploits 0 · References 5

Positive Technologies
added 2023/02/12 12:0 a.m. · 2 views

PT-2023-11360 · Unknown · Simple-Markdown

Name of the Vulnerable Software and Affected Versions: simple-markdown version 0.6.0
Description: A problematic vulnerability was found in the simple-markdown software, affecting an unknown function of the file simple-markdown.js. The issue arises from inefficient regular expression complexity wh...

CVSS 7.5 · AI score 7.1 · EPSS 0.01097
Exploits 1 · References 10

Positive Technologies
added 2023/02/12 12:0 a.m. · 3 views

PT-2023-16526 · Sourcecodester · Sourcecodester Best Online News Portal

Name of the Vulnerable Software and Affected Versions: SourceCodester Best Online News Portal version 1.0
Description: A vulnerability was found in the file check_availability.php, where the manipulation of the username argument leads to exposure of sensitive information through data queries. The...

CVSS 3.7 · AI score 6.8 · EPSS 0.00851
Exploits 1 · References 7

OSV
added 2023/02/11 12:13 a.m. · 14 views

GHSA-8X6C-CV3V-VP6G Withdrawn: cacheable-request depends on http-cache-semantics, which is vulnerable to Regular Expression Denial of Service

This advisory is withdrawn. cacheable-request depends on http-cache-semantics, which contains an Inefficient Regular Expression Complexity in versions prior to 4.1.1 of that package. cacheable-request has been updated to rely on the fixed version in 10.2.7. Summary of http-cache-semantics...

CVSS 7.5 · AI score 6.9
Exploits 0 · References 4

Positive Technologies
added 2023/02/11 12:0 a.m. · 2 views

PT-2023-33000 · Unknown · Http-Cache-Semantics +1

Name of the Vulnerable Software and Affected Versions: http-cache-semantics versions prior to 4.1.1; cacheable-request versions prior to 10.2.7
Description: The issue is related to an Inefficient Regular Expression Complexity in http-cache-semantics, which can lead to Denial of Service. This can b...

CVSS 7.5 · AI score 7
Exploits 0 · References 5

Prion
added 2023/02/10 3:15 p.m. · 16 views

Information disclosure

A vulnerability was found in CodenameOne 7.0.70. It has been classified as problematic. Affected is an unknown function. The manipulation leads to use of implicit intent for sensitive communication. It is possible to launch the attack remotely. The complexity of an attack is rather high. The...

CVSS 5.1 · AI score 9.5 · EPSS 0.00649
Exploits 0 · References 5 · Affected Software 1