3627 matches found
Regular Expression Denial Of Service (ReDoS)
split-html-to-chars is vulnerable to regular expression denial of service. The vulnerability exists in Splitter function in index.js because the html inputs are not properly sanitized due to insufficient regular expression complexity applied when splitting html to letters for animation which allo...
Regular Expression Denial Of Service (ReDoS)
regexfn is vulnerable to regular expression denial of service. The vulnerability exists in isEmail function in index.js because the emails are not properly validated with sufficient regular expression complexity which allows an attacker to send crafted invalid emails causing a denial of service...
Inefficient Regular Expression Complexity potentially leads to Denial of Service
Description Inefficient Regular Expression Complexity of url regex could lead to a denial of service attack. This report bypasses the fix in issue 300 by a well-formed payload '//a.b' + 'c1'.repeati + 'a'. With only 36 characters payload could take 18672 ms time execution. Proof of Concept js //...
CVE-2022-32156
In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface CLI did not validate TLS certificates while connecting to a remote Splunk platform instance by default. After updating to version 9.0, see Configure TLS host name validation for the Splunk CLI...
CVE-2022-32156 Splunk Enterprise and Universal Forwarder CLI connections lacked TLS cert validation
In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface CLI did not validate TLS certificates while connecting to a remote Splunk platform instance by default. After updating to version 9.0, see Configure TLS host name validation for the Splunk CLI...
Siemens SCALANCE LPE 4903 and SINUMERIK Edge
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SCALANCE LPE 4903 and SINUMERIK Edge Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unprivileged local user to escalate privileges and...
Siemens Xpedition Designer
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
SUSE SLES12 Security Update : grub2 (SUSE-SU-2022:2037-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2037-1 advisory. - A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that t...
Identifying Cloud Waste to Contain Unnecessary Costs
Cloud adoption has exploded over the past decade or so, and for good reason. Many digital transformation advancements – and even the complete reimagination of entire industries – can be directly mapped and attributed to cloud innovation. While this rapid pace of innovation has had a profound impa...
GHSA-2HHC-F86X-X74F Inefficient Regular Expression Complexity in Jenkins Build Failure Analyzer Plugin
A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process...
3 Recommendations to Ensure Your API Security Solution can Drive Data Visibility and Quality
Today at least 90% of developers are using APIs in cloud-native web application development. According to new data collected by Forrester Research and presented in their report, Improve API Performance with a Sound API Security Strategy, 62 percent of IT decision makers believe the value they gai...
OpenStack Nova Denial of Service in network source security groups
Algorithmic complexity vulnerability in OpenStack Compute Nova before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of...
GHSA-9J7M-RJQX-48VH RubyGems Regular Expression Denial of Service vulnerability
Algorithmic complexity vulnerability in Gem::Version::VERSIONPATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service CPU...
Uncontrolled Resource Consumption in Apache Commons Compress
Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream BZip2CompressorOutputStream in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs...
GHSA-6FXM-66HQ-FC96 Uncontrolled Resource Consumption in Apache Commons Compress
Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream BZip2CompressorOutputStream in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs...
Inefficient Algorithmic Complexity in Apache Santuario XML Security
jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization...
Yokogawa CENTUM and ProSafe-RS
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Yokogawa Equipment: CENTUM and ProSafe-RS Vulnerabilities: OS Command Injection, Improper Authentication, NULL Pointer Dereference, Improper Input Validation, Resource Management Errors 2. RISK...
GHSA-P6M5-H7PP-V2X5 Django Regex Algorithmic Complexity Causes Denial of Service
Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField email address or (2) URLField URL that triggers a large amount of backtracking in a regular...
Django Regex Algorithmic Complexity Causes Denial of Service
Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField email address or (2) URLField URL that triggers a large amount of backtracking in a regular...