
9242 matches found

Amazon
added 2025/04/29 12:0 a.m., 4 views

Medium: docker

Issue Overview: Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...

CVSS 7.5, AI score 6.8, EPSS 0.00016
Exploits: 0

Amazon
added 2025/04/29 12:0 a.m., 2 views

Medium: runc

Issue Overview: Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...

CVSS 7.5, AI score 6.8, EPSS 0.00016
Exploits: 0

NVD
added 2025/04/28 5:15 p.m., 14 views

CVE-2023-42404

OneVision Workspace before WS23.1 SR1 build w31.040 allows arbitrary Java EL execution...

CVSS 9.8, EPSS 0.00341
Exploits: 0, References: 2

OSV
added 2025/04/28 5:15 p.m., 2 views

CVE-2023-42404

OneVision Workspace before WS23.1 SR1 build w31.040 allows arbitrary Java EL execution...

CVSS 9.8, AI score 5.9, EPSS 0.00341
Exploits: 0, References: 2

RedhatCVE
added 2025/04/28 8:27 a.m., 21 views

CVE-2025-2811

A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT250...

CVSS 6.9, AI score 7.4, EPSS 0.00067
Exploits: 0, References: 1

OSV
added 2025/04/28 12:57 a.m., 2 views

USN-7464-1 jupyter-notebook vulnerability

It was discovered that Jupyter Notebook did not properly parse HTML comments under certain circumstances. An attacker could possibly use this issue to cause a regular expression denial of service (ReDoS)...

CVSS 7.5, AI score 5.8, EPSS 0.00097
Exploits: 0, References: 2

Ubuntu
added 2025/04/28 12:57 a.m., 16 views

USN-7464-1: Jupyter Notebook vulnerability

It was discovered that Jupyter Notebook did not properly parse HTML comments under certain circumstances. An attacker could possibly use this issue to cause a regular expression denial of service (ReDoS)...

CVSS 7.5, AI score 6.6, EPSS 0.00097
Exploits: 0

OpenVAS
added 2025/04/28 12:0 a.m., 7 views

Ubuntu: Security Advisory (USN-7464-1)

The remote host is missing an update for the...

CVSS 7.5, AI score 7.6, EPSS 0.00097
Exploits: 0, References: 2

Positive Technologies
added 2025/04/28 12:0 a.m., 3 views

PT-2025-18091 · Onevision · Onevision Workspace

Name of the Vulnerable Software and Affected Versions: OneVision Workspace versions prior to WS23.1 SR1 build w31.040. Description: The issue allows for arbitrary Java EL execution. This means that an attacker could potentially execute malicious Java Expression Language code, leading to unauthoriz...

CVSS 9.8, AI score 6.8, EPSS 0.00341
Exploits: 0, References: 6

CNNVD
added 2025/04/28 12:0 a.m., 1 views

OneVision Workspace security vulnerability

OneVision Workspace is a software solution for automating PDF workflows from OneVision. A security vulnerability exists in OneVision Workspace versions prior to WS23.1 SR1, which originates from allowing the execution of arbitrary Java EL expressions...

CVSS 9.8, AI score 6.9, EPSS 0.00341
Exploits: 0, References: 3

Github Security Blog
added 2025/04/27 9:34 p.m., 13 views

Apereo CAS has inefficient regular expression complexity

A vulnerability was found in Apereo CAS 5.2.6. It has been declared as problematic. This vulnerability affects unknown code of the file cas-5.2.6\core\cas-server-core-configuration-metadata-repository\src\main\java\org\apereo\cas\metadata\rest\CasConfigurationMetadataServerController.java. The...

CVSS 7.5, AI score 6.8, EPSS 0.00142
Exploits: 0, References: 6, Affected Software: 1

Snyk
added 2025/04/27 9:34 p.m., 4 views

Regular Expression Denial of Service (ReDoS)

Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) through the manipulation of the Name argument. An attacker can cause the application to consume excessive resources leading to a denial of service by sending crafted inputs designed to trigger...

CVSS 7.5, AI score 6.6, EPSS 0.00142
Exploits: 0, References: 2

NVD
added 2025/04/27 9:15 p.m., 13 views

CVE-2025-3986

A vulnerability was found in Apereo CAS 5.2.6. It has been declared as problematic. This vulnerability affects unknown code of the file cas-5.2.6\core\cas-server-core-configuration-metadata-repository\src\main\java\org\apereo\cas\metadata\rest\CasConfigurationMetadataServerController.java. The...

CVSS 7.5, EPSS 0.00142
Exploits: 0, References: 4

NVD
added 2025/04/27 9:15 p.m., 16 views

CVE-2025-3985

A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the function ResponseEntity of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\ManageRegisteredServicesMultiActionController.java. The...

CVSS 5.1, EPSS 0.00127
Exploits: 0, References: 4

CVE
added 2025/04/27 9:0 p.m., 62 views

CVE-2025-3986

Summary for CVE-2025-3986: Multiple sources describe a vulnerability in Apereo CAS 5.2.6 affecting the CasConfigurationMetadataServerController.java, where manipulation of the Name argument leads to inefficient regular-expression processing (ReDoS). The issue is exploitable remotely and an explo...

CVSS 7.5, AI score 4.8, EPSS 0.00142
Exploits: 0, References: 4, Affected Software: 1

Snyk
added 2025/04/27 8:39 p.m., 3 views

Regular Expression Denial of Service (ReDoS)

Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the search function. An attacker can occupy excessive system resources by passing a malicious string with nested groups as the query parameter. PoC: https://xxxx.sso.com/search?query=.11...

CVSS 5.1, AI score 6.8, EPSS 0.00127
Exploits: 0, References: 2

Vulnrichment
added 2025/04/27 8:31 p.m., 10 views

CVE-2025-3985 Apereo CAS ResponseEntity redos

A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the function ResponseEntity of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\ManageRegisteredServicesMultiActionController.java. The...

CVSS 5.1, AI score 3.8, EPSS 0.00127
Exploits: 0, References: 4

Cvelist
added 2025/04/27 8:31 p.m., 14 views

CVE-2025-3985 Apereo CAS ResponseEntity redos

A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the function ResponseEntity of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\ManageRegisteredServicesMultiActionController.java. The...

CVSS 5.1, EPSS 0.00127
Exploits: 0, References: 4

CVE
added 2025/04/27 8:31 p.m., 57 views

CVE-2025-3985

CVE-2025-3985 affects Apereo CAS 5.2.6. The vulnerability lies in the ManageRegisteredServicesMultiActionController.java handling of the Query argument, causing inefficient regular expression backtracking (ReDoS) and potential remote exploitation. Public disclosures exist, with no fixed version r...

CVSS 5.1, AI score 3.8, EPSS 0.00127
Exploits: 0, References: 4, Affected Software: 1

Positive Technologies
added 2025/04/27 12:0 a.m., 3 views

PT-2025-18016

Name of the Vulnerable Software and Affected Versions: Apereo CAS version 5.2.6. Description: A vulnerability was found in Apereo CAS, affecting the function ResponseEntity of the file ManageRegisteredServicesMultiActionController.java. The manipulation of the argument Query leads to inefficient...

CVSS 5.1, AI score 3.5, EPSS 0.00127
Exploits: 0, References: 15