hibernate-validator: Improper input validation in the interpolation of constraint error messages

A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation escaping, stripping controls that developers may have put in place...

hibernate-validator: Improper input validation in the interpolation of constraint error messages

A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation escaping, stripping controls that developers may have put in place...

hibernate-validator: Improper input validation in the interpolation of constraint error messages

A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation escaping, stripping controls that developers may have put in place...

Remote Code Execution (RCE)

struts2-core is vulnerable to remote code execution RCE. The vulnerability exists through the possibility of a forced double OGNL expression through the $itemValue expression in simple/radiomap.ftl...

The moment.js version 2.9.0 is vulnerable to regular expression denial of service

h3. Issue Summary Bamboo uses moment.js version 2.9.0 which is vulnerable to regular expression denial of service. For additional details see https://github.com/moment/moment/issues/2936 and https://www.npmjs.com/advisories/55. h3. Suggested Solution Upgrade moment.js to version = 2.11.2...

Regular Express Denial Of Service (ReDoS)

wappalyzer is vulnerable to denial of service DoS. The vulnerability exists as it uses a regular expression that does not restrict the amount of 0-9., allowing a long string to exhaust memory...

RHEL 8 : java-1.8.0-openjdk (RHSA-2020:1515)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1515 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...

Integer Overflow

Perl has an integer overflow related to mishandling of a "PLregkindOPn == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection...

Denial Of Service (DoS)

perl is vulnerable to denial of service DoS. The vulnerability exists through a buffer overflow via a crafted regular expression because of recursive Sstudychunk calls...

Amazon Linux 2 : python, python3 (ALAS-2020-1471)

The version of python installed on the remote host is prior to 2.7.18-1. The version of python3 installed on the remote host is prior to 3.7.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1471 advisory. 2023-10-25: CVE-2022-48560 was added to this...

Medium: python, python3

Issue Overview: Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service ReDoS attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic...

EulerOS 2.0 SP8 : perl (EulerOS-SA-2020-1820)

According to the versions of the perl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Perl before 5.30.3 has an integer overflow related to mishandling of a 'PLregkindOPn == NOTHING' situation. A crafted regular expression could lea...

Medium: python27, python34, python35, python36

Issue Overview: Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service ReDoS attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic...

OSV-2020-1430 Segv on unknown address in clang::Parser::ParseCXXAmbiguousParenExpression

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19617 Crash type: Segv on unknown address Crash state: clang::Parser::ParseCXXAmbiguousParenExpression clang::Parser::ParseParenExpression clang::Parser::ParseCastExpression...

OSV-2020-1429 Segv on unknown address in clang::OverloadExpr::find

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19972 Crash type: Segv on unknown address Crash state: clang::OverloadExpr::find clang::Sema::ResolveAndFixSingleFunctionTemplateSpecialization clang::Sema::CheckPlaceholderExpr...

OSV-2020-1399 Segv on unknown address in clang::StmtVisitorBase<llvm::make_const_ptr, RecordExprEvaluator, bool>::Visit

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19152 Crash type: Segv on unknown address Crash state: clang::StmtVisitorBase::Visit clang::StmtVisitorBase::Visit EvaluateInPlace...

Amazon Linux 2 : libxml2 (ALAS-2020-1466)

The version of libxml2 installed on the remote host is prior to 2.9.1-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1466 advisory. A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 through 2.9.8 when...

HPE IMC deploySelectBootrom Remote Code Execution

An Expression Language injection vulnerability exists in HPE Intelligent Management Center. This vulnerability is due to insufficient handling of the beanName request parameter provided to the deploySelectBootrom.xhtml endpoint. A remote attacker could exploit this vulnerability by sending a...

OS Command Injection

kylin-core-common is vulnerable to OS command injection. The vulnerability exists as it uses a regular expression which provided insufficient blacklist of characters, allowing prohibited characters to be interpreted and executed...

Regular Expression Denial Of Service (ReDoS)

wicket is vulnerable to regular expression denial of service ReDoS attacks. The vulnerability is possible due to improper usage of regular expression in trimParens field, allowing a malicious user to crash the application by passing malicious strings...