OpenJDK: Unexpected exception thrown during regular expression processing in Nashorn (Scripting, 8223518)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Scripting. Supported versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
DEBIAN-CVE-2019-20334
In Netwide Assembler NASM 2.14.02, stack consumption occurs in expr functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 and stdscan in asm/stdscan.c. This is similar to CVE-2019-6290 and CVE-2019-6291...
UBUNTU-CVE-2019-20334
In Netwide Assembler NASM 2.14.02, stack consumption occurs in expr functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 and stdscan in asm/stdscan.c. This is similar to CVE-2019-6290 and CVE-2019-6291...
Regular Expression Denial Of Service (ReDoS)
vue-moment is vulnerable to regular expression denial of service (ReDoS) attacks. These attacks are possible because it has a vulnerable static dependency which uses a flawed regular expression that takes a long time to match dates in long strings...
CVE-2019-16554
A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression...
CVE-2019-16553
A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression...
Code injection
A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process...
CVE-2019-16555
CVE-2019-16555 affects Jenkins Build Failure Analyzer Plugin (versions 1.24.1 and earlier). The root cause is a user-supplied regular expression being processed in a non-interruptible way, enabling an attacker to have Jenkins evaluate the regex without the ability to interrupt this process. This ...
PT-2019-14710 · Jenkins · Jenkins Build Failure Analyzer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Build Failure Analyzer Plugin versions 1.24.1 and earlier. Description: The issue allows attackers to have Jenkins evaluate a user-supplied regular expression without the ability to interrupt this process, as the regular expression was...
ATasm Buffer Overflow Vulnerability (CNVD-2019-45902)
ATasm is a command line cross assembler for the 6502 microprocessor. A buffer overflow vulnerability exists in the 'parseexpr' function of the setparse.c file in ATasm version 1.06. The vulnerability stems from a networked system or product performing operations in memory without properly validati...
ATasm Buffer Overflow Vulnerability
ATasm is a command line cross assembler for the 6502 microprocessor. A buffer overflow vulnerability exists in the 'getsignedexpression' function of the setparse.c file in ATasm version 1.06. The vulnerability stems from a networked system or product performing operations in memory without properl...
CVE-2019-19786
ATasm 1.06 has a stack-based buffer overflow in the parseexpr function in setparse.c via a crafted .m65 file...
EulerOS 2.0 SP5 : libxkbcommon (EulerOS-SA-2019-2540)
According to the versions of the libxkbcommon packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash...
Outdated Static Dependency
Overview: Versions of vue-moment prior to 4.1.0 contain an Outdated Static Dependency. The package depends on moment and has it loaded statically instead of as a dependency that can be updated. It has a version of moment that contains a Regular Expression Denial of Service vulnerability. Recommendation...
OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
Cross-Site Scripting (XSS)
devalue is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary JavaScript in a victim's browser using a malicious regular expression containing JavaScript...
[SECURITY] [DLA 2020-1] libonig security update
Package: libonig; Version: 5.9.5-3.2+deb8u4; CVE ID: CVE-2019-19012, CVE-2019-19204, CVE-2019-19246; Debian Bug: 944959, 945313. Several vulnerabilities were discovered in the Oniguruma regular expressions library, notably used in PHP mbstring. CVE-2019-19012: An integer overflow in the searchinrange...
EulerOS Virtualization for ARM 64 3.0.3.0 : perl (EulerOS-SA-2019-2326)
According to the versions of the perl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow,...