
9211 matches found

Zero Day Initiative
added 2019/05/30 12:0 a.m. · 26 views

Hewlett Packard Enterprise Intelligent Management Center choosePerfView Expression Language Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

8.8 CVSS · 3 AI score · 0.01591 EPSS
Exploits 0 · References 1

Zero Day Initiative
added 2019/05/30 12:0 a.m. · 33 views

Hewlett Packard Enterprise Intelligent Management Center devSoftSel Expression Language Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

8.8 CVSS · 3 AI score · 0.01591 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2019/05/23 12:0 a.m. · 44 views

RHEL 8 : dotnet (RHSA-2019:1259)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1259 advisory. .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

7.5 CVSS · 7.2 AI score · 0.09663 EPSS
Exploits 0 · References 18

RedHat Linux
added 2019/05/22 12:3 p.m. · 1 views

python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib

A flaw was found in the way catastrophic backtracking was implemented in Python's difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service...

7.5 CVSS · 7.1 AI score · 0.01779 EPSS
Exploits 0 · References 5

RedHat Linux
added 2019/05/22 12:3 p.m. · 1 views

python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib

A flaw was found in the way catastrophic backtracking was implemented in python's pop3lib's apop method. An attacker could use this flaw to cause denial of service...

7.5 CVSS · 7.1 AI score · 0.01038 EPSS
Exploits 1 · References 5

Veracode
added 2019/05/16 3:25 a.m. · 28 views

Arbitrary Code Execution

Perl is vulnerable to arbitrary code execution. A heap-based buffer-overflow vulnerability could occur because Perl fails to properly bounds-check user-supplied input. An attacker could gain write access via a crafted regular expression which triggers invalid write operations...

9.8 CVSS · 9.4 AI score · 0.10713 EPSS
Exploits 1 · References 17 · Affected Software 3

Veracode
added 2019/05/16 3:0 a.m. · 28 views

Out-of-Bounds Write

PHP is vulnerable to out-of-bounds writes. This occurs in bitset_set_range during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class could create an execution path that leaves a critical local variable...

9.8 CVSS · 9.1 AI score · 0.00585 EPSS
Exploits 1 · References 5 · Affected Software 1

Veracode
added 2019/05/16 2:59 a.m. · 24 views

Out-Of-Bounds Read

PHP is vulnerable to out-of-bounds reads. The vulnerability exists in mbc_enc_len during regular expression searching. reg->dmin in forward_search_range, when not handled properly, would result in an invalid pointer dereference as an out-of-bounds read from a stack buffer...

9.8 CVSS · 9 AI score · 0.00454 EPSS
Exploits 1 · References 6 · Affected Software 1

Veracode
added 2019/05/16 2:59 a.m. · 32 views

Out-Of-Bounds Read

PHP is vulnerable to out-of-bounds reads. The vulnerability exists in match_at during regular expression searching because of a logical error involving order of validation and access in match_at...

9.8 CVSS · 9.1 AI score · 0.00624 EPSS
Exploits 1 · References 6 · Affected Software 1

Veracode
added 2019/05/16 2:59 a.m. · 31 views

Out-of-Bounds Write

PHP is vulnerable to an out-of-bounds write. The vulnerability exists in next_state_val during regular expression compilation in Oniguruma. Octal numbers larger than 0xff are not handled correctly in fetch_token and fetch_token_in_cc. A malformed regular expression containing an octal...

9.8 CVSS · 9.3 AI score · 0.01242 EPSS
Exploits 1 · References 7 · Affected Software 1

Tenable Nessus
added 2019/05/15 12:0 a.m. · 41 views

EulerOS Virtualization 3.0.1.0 : pcre (EulerOS-SA-2019-1558)

According to the versions of the pcre packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cau...

9.8 CVSS · 7.5 AI score · 0.07915 EPSS
Exploits 6 · References 15

Kitploit
added 2019/05/14 12:43 p.m. · 167 views

WAFW00F v1.0.0 - Detect All The Web Application Firewall!

WAFW00F identifies and fingerprints Web Application Firewall (WAF) products. How does it work? To do its magic, WAFW00F does the following: Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions. If that is not successful, it sends a number of potentially...

7.2 AI score
Exploits 0 · References 3

RedhatCVE
added 2019/05/14 12:23 p.m. · 21 views

CVE-2017-16116

The string module is a module that provides extra string operations. The string module is vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods...

7.5 CVSS · 4.1 AI score · 0.00366 EPSS
Exploits 1 · References 2

Veracode
added 2019/05/14 6:58 a.m. · 28 views

Regular Expression Denial-of-Service (DoS)

remarkable is vulnerable to regex denial of service. Malicious users can craft a string inside the CDATA tag to cause the regex function to consume a large amount of system resources that could potentially result in a crash...

7.5 CVSS · 7.2 AI score · 0.00403 EPSS
Exploits 1 · References 3 · Affected Software 1

Tenable Nessus
added 2019/05/14 12:0 a.m. · 33 views

EulerOS Virtualization 3.0.1.0 : perl (EulerOS-SA-2019-1464)

According to the versions of the perl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write...

9.8 CVSS · 7.4 AI score · 0.23878 EPSS
Exploits 1 · References 3

Tenable Nessus
added 2019/05/14 12:0 a.m. · 264 views

EulerOS Virtualization 3.0.1.0 : file (EulerOS-SA-2019-1424)

According to the versions of the file packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - A denial of service flaw was found in the File Information (fileinfo) extension rules for detecting AWK files. A remote attacker coul...

7.5 CVSS · 7.2 AI score · 0.37602 EPSS
Exploits 5 · References 15

NVD
added 2019/05/13 1:29 p.m. · 7 views

CVE-2019-12041

lib/common/html_re.js in remarkable 1.7.1 allows Regular Expression Denial of Service (ReDoS) via a CDATA section...

7.5 CVSS · 7.4 AI score · 0.00403 EPSS
Exploits 1 · References 1

Prion
added 2019/05/13 1:29 p.m. · 12 views

Design/Logic Flaw

lib/common/html_re.js in remarkable 1.7.1 allows Regular Expression Denial of Service (ReDoS) via a CDATA section...

5 CVSS · 7.4 AI score · 0.00403 EPSS
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2019/05/13 12:7 p.m. · 10 views

CVE-2019-12041

lib/common/html_re.js in remarkable 1.7.1 allows Regular Expression Denial of Service (ReDoS) via a CDATA section...

7.4 AI score · 0.00403 EPSS
Exploits 1 · References 1

Positive Technologies
added 2019/05/13 12:0 a.m. · 6 views

PT-2019-12629 · Remarkable · Remarkable

Name of the Vulnerable Software and Affected Versions: remarkable version 1.7.1 Description: The issue allows for Regular Expression Denial of Service (ReDoS) via a CDATA section in the lib/common/html_re.js file. Recommendations: For version 1.7.1, at the moment, there is no information about a...

7.5 CVSS · 7.3 AI score · 0.00403 EPSS
Exploits 1 · References 7