9211 matches found
Stack-based Buffer Overflow
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was found that...
PT-2019-12298 · Artifex · Artifex Mujs
Name of the Vulnerable Software and Affected Versions: Artifex MuJS version 1.0.5 Description: An issue was discovered in Artifex MuJS. It has unlimited recursion because the match function in regexp.c lacks a depth check. Recommendations: For Artifex MuJS version 1.0.5, consider applying a patch...
Regular Expression Denial Of Service (ReDoS)
marked is vulnerable to regular expression denial of service ReDoS attacks. The vulnerability exists as the inline.text regex could require a quadratic time to complete a scan, causing ReDoS...
(0Day) Hewlett Packard Enterprise Intelligent Management Center viewBatchTaskResultDetailFact Expression Language Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
(0Day) Hewlett Packard Enterprise Intelligent Management Center faultFlashEventSelectFact Expression Language Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
The vulnerability of the `proceed_next_node` function in the GNU C library, which relates to the possibility of reading buffers outside the memory boundary, allows attackers to trigger a service failure.
The vulnerability in the `proceed_next_node` function in posix/regexec.c of the GNU C library is related to the ability to read buffers outside the memory boundary, caused by comparing with a regular expression that does not depend on registers. Exploiting this vulnerability can allow an attacker to...
(0Day) Hewlett Packard Enterprise Intelligent Management Center wmiConfigContent Expression Language Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
(0Day) Hewlett Packard Enterprise Intelligent Management Center perfSelectTask Expression Language Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
(0Day) Hewlett Packard Enterprise Intelligent Management Center selViewNavContent Expression Language Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
Regular Expression Denial of Service
Overview Versions of highcharts prior to 6.1.0 are vulnerable to Regular Expression Denial of Service ReDoS. Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service. Recommendation Upgra...
SUSE SLES11 Security Update : ed (SUSE-SU-2019:14005-1)
This update for ed fixes the following security issues : CVE-2017-5357: An invalid free in the regular expression handling of the 'ed' command processing could allow local users to crash ed. bsc1019807 Note that Tenable Network Security has extracted the preceding description block directly from...
Security Bulletin: Potential bypass security vulnerability in Expression Language library used by WebSphere Application Server shipped with Jazz for Service Management (CVE-2014-7810)
Summary Security Bulletin: Potential bypass security vulnerability in Expression Language library used by WebSphere Application Server shipped with Jazz for Service Management CVE-2014-7810 Vulnerability Details CVEID: CVE-2014-7810 DESCRIPTION: Apache Tomcat could allow a remote attacker to bypa...
(0Day) Hewlett Packard Enterprise Intelligent Management Center sshConfig Expression Language Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
(0Day) Hewlett Packard Enterprise Intelligent Management Center addDeviceToView Expression Language Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
SUSE-SU-2019:13985-1 Security update for libxml2
This update for libxml2 fixes the following issues: Security issue fixed: - CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack bsc1102046 Other Issue...
The version of moment.js used in Jira Service Desk was vulnerable to a regular expression denial of service
The version of moment.js used in Jira Service Desk Server before version 4.0.0 allows remote attackers to cause a denial of service in users' browsers via a regular expression denial of service. For additional details...
The version of moment.js used in Jira was vulnerable to a regular expression denial of service
The version of moment.js used in Jira before version 7.12.3, from version 7.13.0 before version 7.13.1 and before version 8.0.0 allows remote attackers to cause a denial of service in users' browsers via a regular expression denial of service. For additional details...
Important: perl
Issue Overview: Perl has a buffer overflow via a crafted regular expression that triggers invalid write operations. CVE-2018-18311 Affected Packages: perl Issue Correction: Run yum update perl or yum update --advisory ALAS-2019-1180 to update your system. New Packages: i686: ...
Regular Expression Denial of Service in highcharts
Versions of highcharts prior to 6.1.0 are vulnerable to Regular Expression Denial of Service ReDoS. Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service. Recommendation Upgrade to...