CVE-2020-26159
A flaw was found in oniguruma. An attacker able to supply a regular expression for compilation may be able to overflow a buffer by one byte in concat_opt_exact_str in src/regcomp.c. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red...
Design/Logic Flaw
An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding form input's pattern attribute allows HTML injection and, if CSP settings permit, execution of...
CVE-2020-25288
An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding form input's pattern attribute allows HTML injection and, if CSP settings permit, execution of...
UBUNTU-CVE-2019-20922
Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources...
CVE-2019-20922
Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources...
CVE-2019-20922
CVE-2019-20922 affects the Handlebars.js template engine before 4.4.5. The vulnerability stems from an eager RegExp matching approach in the parser, which can be forced into an endless loop by crafted templates, leading to resource exhaustion. Impact is described as denial of service via consumed...
EulerOS 2.0 SP3 : perl (EulerOS-SA-2020-2085)
According to the versions of the perl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer...
Regular Expression Denial of Service (ReDoS)
Overview: Jinja2 is a template engine written in pure Python. It provides a Django-inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). The ReDoS vulnerability ...
An issue was discovered in GNU libiberty as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.
CVE-2020-3408
A vulnerability in the Split DNS feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability occurs because the regular expression (regex) engine that...
CVE-2020-3408 Cisco IOS and IOS XE Software Split DNS Denial of Service Vulnerability
A vulnerability in the Split DNS feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability occurs because the regular expression (regex) engine that...
Cisco IOS and IOS XE Software Split DNS Denial of Service Vulnerability
A vulnerability in the Split DNS feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability occurs because the regular expression (regex) engine that...
personnummer/java vulnerable to Improper Input Validation
This vulnerability was reported to the personnummer team in June 2020. The slow response was due to locked ownership of some of the affected packages, which caused delays to update packages prior to disclosure. The vulnerability is determined to be low severity. Impact: This vulnerability impacts...
GHSA-Q3VW-4JX3-RRR2 personnummer/java vulnerable to Improper Input Validation
This vulnerability was reported to the personnummer team in June 2020. The slow response was due to locked ownership of some of the affected packages, which caused delays to update packages prior to disclosure. The vulnerability is determined to be low severity. Impact: This vulnerability impacts...
FreeBSD : Python -- multiple vulnerabilities (2cb21232-fb32-11ea-a929-a4bf014bf5f7)
Python reports: bpo-39603: Prevent http header injection by rejecting control characters in http.client.putrequest(...). bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded (CVE-2020-15523). bpo-41004: CVE-2020-14422: The hash methods of ipaddress.IPv4Interface and...
Debian: Security Advisory (DSA-4765-1)
The remote host is missing an update for the Debian...
Regular Expression Denial Of Service (ReDoS)
locutus is vulnerable to regular expression denial of service (ReDoS). An attacker is able to cause a denial of service condition by passing long strings containing repeating a characters followed by multiple a characters...
CVE-2020-7733
A flaw was found in nodejs-ua-parser-js. The software is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA...