9244 matches found
Regular Expression Denial Of Service (ReDoS)
html-dom-parser is vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability is possible due to improper usage of regular expression in HEADREGEX and BODYREGEX, allowing a malicious user to crash the application by passing malicious strings...
Regular Expression Denial Of Service (ReDoS)
color-string is vulnerable to regular expression denial of service. The vulnerability exists due to the quadratic worst-case time complexity of regular expressions in cs.get.hsl and cs.get.hwb functions in index.js when a string has more than 5000 characters, allowing a malicious user to cause an...
SUSE SLED15 / SLES15 Security Update : perl (SUSE-SU-2020:1682-1)
This update for perl fixes the following issues : CVE-2020-10543: Fixed a heap buffer overflow in regular expression compiler which could have allowed overwriting of allocated memory with attacker's data bsc1171863. CVE-2020-10878: Fixed multiple integer overflows which could have allowed the...
SUSE-SU-2020:1511-2 Security update for java-11-openjdk
This update for java-11-openjdk fixes the following issues: Java was updated to jdk-11.0.7+10 April 2020 CPU, bsc1169511. Security issues fixed: - CVE-2020-2754: Fixed an incorrect handling of regular expressions that could have resulted in denial of service bsc1169511. - CVE-2020-2755: Fixed an...
Cross-Site Scripting (XSS)
markdown2 is vulnerable to cross-site scripting XSS attacks. The vulnerability is introduced because of using a loosely defined regular expression for incompletetagsre string in the function encodeampsandangles causing a bypass of HTML element if a user passes a malicious string with a new line...
[SECURITY] Fedora 32 Update: mutt-1.14.5-1.fc32
Mutt is a small but very powerful text-based MIME mail client. Mutt is highly configurable, and is well suited to the mail power user with advanced features like key bindings, keyboard macros, mail threading, regular expression searches and a powerful pattern matching language for selecting group...
EulerOS Virtualization 3.0.6.0 : ruby (EulerOS-SA-2020-1717)
According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Oniguruma 6.x before 6.9.4rc2. In the function fetchintervalquantifier formerly known as...
Regular Expression Denial Of Service (ReDoS)
is-my-json-valid is vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability is possible due to improper usage of regular expression in style format field, allowing a malicious user to crash the application by passing malicious strings...
Denial of Service in nescalante/urlregex
Overview urlregex No-dependency URL validation for Node and the browser. This package is vulnerable to Regular Expression Denial of Service (ReDoS). An attacker providing a long string in String.test can cause a Denial of Service attack. PoC node const urlRegex = require"urlregex"; const isValid =...
GHSA-V4RH-8P82-6H5W Regular expression denial of service in url-regex
all versions of url-regex are vulnerable to Regular Expression Denial of Service. An attacker providing a very long string in String.test can cause a Denial of Service...
Regular expression denial of service in url-regex
all versions of url-regex are vulnerable to Regular Expression Denial of Service. An attacker providing a very long string in String.test can cause a Denial of Service...
Security update for perl (important)
openSUSE Security Update: Security update for perl Announcement ID: openSUSE-SU-2020:0850-1 Rating: important References: 1171863 1171864 1171866 1172348 Cross-References: CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 Affected Products: openSUSE Leap 15.1 An update that solves three vulnerabilitie...
SUSE-SU-2020:1682-1 Security update for perl
This update for perl fixes the following issues: - CVE-2020-10543: Fixed a heap buffer overflow in regular expression compiler which could have allowed overwriting of allocated memory with attacker's data bsc1171863. - CVE-2020-10878: Fixed multiple integer overflows which could have allowed the...
Regular Expression Denial Of Service (ReDoS)
wappalyzer is vulnerable to regular expression denial of service. A catastrophic backtracking vulnerability in the regular expression used to parse URL allows an attacker to cause excessive resource consumption which can lead to a browser crash...
nodejs-sshpk: ReDoS when parsing crafted invalid public keys in lib/formats/ssh.js
sshpk is vulnerable to ReDoS when parsing crafted invalid public keys...
nodejs-brace-expansion: Regular expression denial of service
index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters...
CVE-2020-14155
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. Mitigation This flaw can be mitigated by not compiling regular expressions with a callout value outside the range 0-255, or by handling the value passed to the callback within the application code...
Qbot Trojan Reappears to Go After U.S. Banking Customers
Qbot, an ever-evolving information-stealing trojan that’s been around since 2008, has reappeared after a hiatus to target customers of U.S. financial institutions. Its latest variant features fresh capabilities to help it remain undetected. Qbot (a.k.a. Qakbot or Pinkslipbot) harvests browsing data...
Huawei EulerOS: Security Advisory for python (EulerOS-SA-2020-1646)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2020-10543
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. Mitigation To mitigate this flaw, developers should not allow untrusted regular expressions to be compiled by the Perl regular expression compiler...