11 matches found
libarchive: Buffer Overflow vulnerability in libarchive
A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be...
CVE-2025-25724
A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be...
PKP customLocale Cross-Site Request Forgery Vulnerability
PKP customLocale is PKP's custom locale plugin for OPS, OJS and OMP. A cross-site request forgery vulnerability exists in PKP customLocale versions prior to 1.2.0-1, which can be exploited by an attacker to send a fake request to a user...
PT-2023-32404 · Unknown · Pkp/Customlocale
Name of the Vulnerable Software and Affected Versions: pkp/customLocale versions prior to 1.2.0-1 Description: The issue is related to Cross-Site Request Forgery CSRF in the GitHub repository pkp/customLocale. CSRF is an attack that tricks a user into performing unintended actions on a web...
Regular Expression Denial Of Service (ReDoS)
angular is vulnerable to regular expression denial of service. An attacker can crash the application by providing a very high value of custom locale rule through the posPre attribute in the parsePattern function of parser.js...
CVE-2022-25844
A flaw was found in the Angular package. The angular package is vulnerable to Regular Expression Denial of Service ReDoS by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat of NUMBERFORMATS.PATTERNS1.posPre with a very high value...
CVE-2022-25844
The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service ReDoS by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat of NUMBERFORMATS.PATTERNS1.posPre with a very high value. Note: 1 This package has been deprecated an...
UBUNTU-CVE-2022-25844
The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service ReDoS by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat of NUMBERFORMATS.PATTERNS1.posPre with a very high value. Note: 1 This package has been deprecated an...
CVE-2022-25844
The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service ReDoS by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat of NUMBERFORMATS.PATTERNS1.posPre with a very high value. Note: 1 This package has been deprecated an...
CVE-2022-25844
The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service ReDoS by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat of NUMBERFORMATS.PATTERNS1.posPre with a very high value. Note: 1 This package has been deprecated an...
PT-2022-6868
Name of the Vulnerable Software and Affected Versions angular versions 1.7.0 and higher Description The issue is related to the use of a regular expression with inefficient computational complexity in the Angular application design environment and single-page application development platform. Thi...