CVE-2023-22484

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to a polynomial time complexity issue in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has...

CVE-2023-22483 cmark-gfm Quadratic complexity bugs may lead to a denial of service

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to several polynomial time complexity issues in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. Various commands,...

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases when using int("text") a system could take 50ms to parse an int string with 100000 digits and 5s for 1000000 digits (float decimal int.from_bytes() and int() for binary bases 2 4 8 16 and 32 are not affected). The highest threat from this vulnerability is to system availability.

...

Regular Expression Denial Of Service (ReDoS)

papapars is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability exists in papaparse.js due to inefficient regular expression complexity which allows an attacker to crash the application by submitting a malicious string...

CVE-2017-20174

A vulnerability was found in bastianallgeier Kirby Webmentions Plugin and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is know...

GHSA-QJM7-55VV-3C5F mel-spintax has Inefficient Regular Expression Complexity

A vulnerability was found in melnaron mel-spintax. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lib/spintax.js. The manipulation of the argument text leads to inefficient regular expression complexity. The name of the patch is...

mel-spintax has Inefficient Regular Expression Complexity

A vulnerability was found in melnaron mel-spintax. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lib/spintax.js. The manipulation of the argument text leads to inefficient regular expression complexity. The name of the patch is...

CVE-2018-25077

A vulnerability was found in melnaron mel-spintax. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lib/spintax.js. The manipulation of the argument text leads to inefficient regular expression complexity. The name of the patch is...

CVE-2018-25077 melnaron mel-spintax spintax.js redos

A vulnerability was found in melnaron mel-spintax. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lib/spintax.js. The manipulation of the argument text leads to inefficient regular expression complexity. The name of the patch is...

Design/Logic Flaw

A vulnerability, which was classified as problematic, was found in michaelliao jopenid. Affected is the function getAuthentication of the file JOpenId/src/org/expressme/openid/OpenIdManager.java. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high...

mel-spintax 安全漏洞

mel-spintax is a tool for parsing Spintax-formatted text. A security vulnerability exists in melnaron mel-spintax, which stems from an error in the handling of the parameter text that results in reduced complexity of regular expressions...

Sisimai Inefficient Regular Expression Complexity vulnerability

A vulnerability has been found in Sisimai up to 4.25.14p11 and classified as problematic. This vulnerability affects the function toplain of the file lib/sisimai/string.rb. The manipulation leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be...

CVE-2022-4891

A vulnerability has been found in Sisimai up to 4.25.14p11 and classified as problematic. This vulnerability affects the function toplain of the file lib/sisimai/string.rb. The manipulation leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be...

Design/Logic Flaw

A vulnerability has been found in Sisimai up to 4.25.14p11 and classified as problematic. This vulnerability affects the function toplain of the file lib/sisimai/string.rb. The manipulation leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be...

CVE-2022-4891 Sisimai string.rb to_plain redos

A vulnerability has been found in Sisimai up to 4.25.14p11 and classified as problematic. This vulnerability affects the function toplain of the file lib/sisimai/string.rb. The manipulation leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be...

rb-sisimai 安全漏洞

rb-sisimai is a Ruby library for parsing RFC5322 returned emails and generating structured data from the parsed results. A security vulnerability exists in rb-sisimai version 4.25.14p11 and earlier. An attacker exploited the vulnerability to cause a regular expression complexity reduction...

Sisimai Inefficient Regular Expression Complexity vulnerability

A vulnerability has been found in Sisimai up to 4.25.14p11 and classified as problematic. This vulnerability affects the function toplain of the file lib/sisimai/string.rb. The manipulation leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be...

CVE-2015-10057

A vulnerability was found in Little Apps Little Software Stats. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file inc/class.securelogin.php of the component Password Reset Handler. The manipulation leads to improper access controls. The...

Improper access control

A vulnerability was found in Little Apps Little Software Stats. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file inc/class.securelogin.php of the component Password Reset Handler. The manipulation leads to improper access controls. The...

US Department of the Interior's passwords "easily cracked"

It's bad news for the US Department of the Interior--a Government watchdogs security audit has revealed its passwords are simply not up to the job of warding off cracking attempts. The audit's wordy title was not kind: P@s$w0rds at the U.S. Department of the Interior: Easily Cracked Passwords, La...