9190 matches found
openSUSE Security Update : zsh (openSUSE-2018-1094)
This update for zsh to version 5.6.2 fixes the following issues: These security issues were fixed: - CVE-2018-0502: The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line (bsc#1107296) - CVE-2018-13259: Shebang lines exceeding 6...
Regular Expression Denial Of Service (ReDoS)
truncate is vulnerable to Regular Expression Denial of Service (ReDoS). A malicious user can pass a string to truncate that can cause a ReDoS...
Regular Expression Denial Of Service (ReDoS)
ua-parser-js is vulnerable to regular expression denial of service (ReDoS). The vulnerability exists because the string parser does not use proper regular expressions to filter out malicious strings passed to it...
List of changes and fixed issues in the .NET Framework 3.5 Service Pack 1
List of changes and fixed issues in the .NET Framework 3.5 Service Pack 1. Summary: This article describes the following aspects of the Microsoft .NET Framework 3.5 Service Pack 1 (SP1): hotfixes that are included in this service pack; new features and functionalities. Note: This update also includes...
js-bson vulnerable to REDoS
The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString function is called to parse a long untrusted string...
UBUNTU-CVE-2018-16976
Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow valid users to obtain unintended access...
Regular Expression Denial Of Service (ReDoS)
devise-security is vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability exists due to the usage of a vulnerable regular expression that allows a malicious string to cause a ReDoS attack when parsed...
RichFaces: Injection of arbitrary EL expressions allows remote code execution via org.richfaces.renderkit.html.Paint2DResource
JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310...
Regular Expression Denial Of Service (ReDoS)
onebox is vulnerable to regular expression denial of service (DoS). The vulnerability is possible because it does not escape the image URLs parameter directly using as HTML...
Important: pcre
Issue Overview: The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp...
Explained: regular expression (regex)
Regular expression, or "regex" for short, is a mathematical term for the theory used to describe regular languages. But in computing, regexes are used to search for patterns in files and databases, and their functionality is incorporated into many modern programming languages. Regex search patter...
Mosca REDoS Vulnerability
This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of topics. A crafted regular expression can cause the broker to crash. An attacke...
GHSA-WQG7-VRJ7-V82H Mosca REDoS Vulnerability
This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of topics. A crafted regular expression can cause the broker to crash. An attacke...
Design/Logic Flaw
This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of topics. A crafted regular expression can cause the broker to crash. An attacke...
CVE-2018-11615
CVE-2018-11615 affects the mosca broker (npm mosca) 2.8.1. The vulnerability is rooted in topic processing: a crafted regular expression can trigger a denial-of-service condition, crashing the broker without requiring authentication. The primary exploit path is remote, leading to availability imp...
CVE-2018-11615
This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of topics. A crafted regular expression can cause the broker to crash. An attacke...
Regular Expression Denial Of Service (ReDoS)
lodash is vulnerable to Regular Expression Denial of Service (ReDoS) attacks. The library uses a regular expression that does not properly handle processing a large number of characters, allowing a malicious user to cause a ReDoS...
GHSA-F523-2F5J-GFCG Regular Expression Denial of Service in timespan
Affected versions of timespan are vulnerable to a regular expression denial of service when parsing dates. The amplification for this vulnerability is significant, with 50,000 characters resulting in the event loop being blocked for around 10 seconds. Recommendation: No direct patch is available f...
Regular Expression Denial Of Service (ReDoS)
is-url is vulnerable to regular expression denial of service (ReDoS). An attacker is able to create a denial of service condition on the server via a specially crafted URL...
Regular Expression Denial Of Service (ReDoS)
ducktype is vulnerable to regular expression denial of service (ReDoS). An attacker will be able to create a denial of service condition on the server via a specially crafted URL...