9244 matches found
Denial of service
all versions of url-regex are vulnerable to Regular Expression Denial of Service. An attacker providing a very long string in String.test can cause a Denial of Service...
CVE-2020-7661
CVE-2020-7661 affects the url-regex package (and related urlregex) with a Regular Expression Denial of Service caused by catastrophic backtracking when testing very long strings in String.test. Affected: url-regex/url-regex-based packages (Node.js/npm ecosystem) with versions prior to the fix. Im...
CVE-2020-7661
all versions of url-regex are vulnerable to Regular Expression Denial of Service. An attacker providing a very long string in String.test can cause a Denial of Service...
PT-2020-3969 · Url-Regex · Url-Regex
Name of the Vulnerable Software and Affected Versions: url-regex versions prior to a fixed version Description: The issue is related to a Regular Expression Denial of Service in the url-regex package. An attacker can cause a Denial of Service by providing a very long string in String.test. This c...
VMWAre vCloud Director 9.7.0.15498291 - Remote Code Execution
Exploit Title: VMWAre vCloud Director 9.7.0.15498291 - Remote Code Execution Exploit Author: Tomas Melicher Technical Details: https://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/ Date: 2020-05-24 Vendor Homepage: https://www.vmware.com/ Software Link:...
Regular Expression Denial Of Service (ReDoS)
websocket-extensions is vulnerable to regular expression denial of service ReDoS. The vulnerability exists in the regular expression used to parse quotes, allowing an unclosed string parameter value, of a repeating two-byte sequence of a backslash and another character, to parse in quadratic time...
Medium: python
Issue Overview: http.cookiejar.DefaultPolicy.domainreturnok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has anoth...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2020-1615)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Regular Expression Denial of Service (ReDoS)
Overview websocket-extensions is a Generic extension manager for WebSocket connections Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS. The EXTLIST variable within extension parser may take quadratic time when parsing literal backslash \ followed by...
vCloud Director 9.7.0.15498291 - Remote Code Execution
!/usr/bin/python Exploit Title: vCloud Director - Remote Code Execution Exploit Author: Tomas Melicher Technical Details: https://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/ Date: 2020-05-24 Vendor Homepage: https://www.vmware.com/ Software Link:...
vCloud Director 9.7.0.15498291 Remote Code Execution
!/usr/bin/python Exploit Title: vCloud Director - Remote Code Execution Exploit Author: Tomas Melicher Technical Details: https://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/ Date: 2020-05-24 Vendor Homepage: https://www.vmware.com/ Software Link:...
EulerOS 2.0 SP5 : ruby (EulerOS-SA-2020-1615)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation...
Internet Bug Bounty: [CVE-2020-10543] Buffer overflow caused by a crafted regular expression
CVE ID: CVE-2020-10543 See: + https://metacpan.org/pod/release/XSAWYERX/perl-5.30.3/pod/perldelta.pod + https://metacpan.org/pod/release/XSAWYERX/perl-5.28.3/pod/perldelta.pod Impact Potential RCE...
Exploit for Expression Language Injection in Vmware Vcloud_Director
CVE-2020-3956 PoC exploit for VMware Cloud Dir...
CVE-2020-10878
Perl before 5.30.3 has an integer overflow related to mishandling of a "PLregkindOPn == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. An application written in Perl would only be vulnerable to this flaw if it evaluat...
CVE-2020-12723
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive Sstudychunk calls. An application written in Perl would only be vulnerable to this flaw if it evaluates regular expressions supplied by the attacker. Evaluating regular expressions in th...
CVE-2020-10543
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. An application written in Perl would only be vulnerable to this flaw if it evaluates regular expressions supplied by the attacker. Evaluating regular...
Denial Of Service (DoS)
openJDK is vulnerable to denial of service. The vulnerability exists through incorrect handling of empty string nodes in regular expression Parser which allows an attacker to cause an application crash...
Important: Red Hat Security Advisory: java-1.8.0-ibm security update
An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: java-1.7.1-ibm security update
An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...