Lucene search

9189 matches found

UbuntuCve
added 2018/08/25 12:0 a.m. · 17 views

CVE-2018-15863

Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression...

5.5 CVSS · 6.7 AI score · 0.0007 EPSS
Exploits 0 · References 4
myhack58
added 2018/08/23 12:0 a.m. · 844 views

Apache Struts2 S2-057 vulnerability analysis and early warning-vulnerability warning-the black bar safety net

It is possible to perform an RCE attack when the namespace value isn't set for a result defined in the underlying XML configurations and, at the same time, its upper action configurations have no namespace or a wildcard namespace. The same possibility exists when using the url tag which doesn't have value and action set...

2.8 AI score · 0.94431 EPSS
Exploits 41
myhack58
added 2018/08/23 12:0 a.m. · 1936 views

UEditor editor two version of the arbitrary file upload vulnerability analysis-vulnerability warning-the black bar safety net

0x01 Introduction: UEditor is an open-source WYSIWYG rich text editor developed by Baidu's web front-end R&D department. It is lightweight, customizable, and offers an excellent user experience, and is used by the majority of web applications; the high-risk vulnerabilities disclosed this time...

7.5 AI score
Exploits 0
RedHat Linux
added 2018/08/16 4:6 p.m. · 0 views

pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3)

The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression...

7.5 CVSS · 7.5 AI score · 0.02589 EPSS
Exploits 0 · References 4
Github Security Blog
added 2018/08/15 1:22 p.m. · 24 views

Regular Expression Denial of Service in sshpk

Versions of sshpk before 1.13.2 or 1.14.1 are vulnerable to regular expression denial of service when parsing crafted invalid public keys. Recommendation: Update to version 1.13.2, 1.14.1 or later...

7.5 CVSS · 5 AI score · 0.00423 EPSS
Exploits 1 · References 6 · Affected Software 1
OSV
added 2018/08/15 1:22 p.m. · 2 views

GHSA-2M39-62FM-Q8R3 Regular Expression Denial of Service in sshpk

Versions of sshpk before 1.13.2 or 1.14.1 are vulnerable to regular expression denial of service when parsing crafted invalid public keys. Recommendation: Update to version 1.13.2, 1.14.1 or later...

7.5 CVSS · 7.1 AI score · 0.00423 EPSS
Exploits 1 · References 6
OSV
added 2018/08/09 8:18 p.m. · 1 views

GHSA-GXPJ-CX7G-858C Regular Expression Denial of Service in debug

Affected versions of debug are vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. As it takes 50,000 characters to block the event loop for 2 seconds, this issue is a low severity issue. This was later re-introduced in version v3.2.0, and...

3.7 CVSS · 7.1 AI score · 0.00102 EPSS
Exploits 0 · References 11
Github Security Blog
added 2018/08/09 8:18 p.m. · 39 views

Regular Expression Denial of Service in debug

Affected versions of debug are vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. As it takes 50,000 characters to block the event loop for 2 seconds, this issue is a low severity issue. This was later re-introduced in version v3.2.0, and...

5.3 CVSS · 5.7 AI score · 0.00102 EPSS
Exploits 0 · References 11 · Affected Software 1
Positive Technologies
added 2018/08/09 12:0 a.m. · 3 views

PT-2018-13250 · Xkbcommon +5

Name of the Vulnerable Software and Affected Versions: xkbcommon versions prior to 0.8.2 Description: The issue is related to unchecked NULL pointer usage in the ExprResolveLhs function in xkbcomp/expr.c. This could be exploited by local attackers to crash the xkbcommon parser by supplying a...

9.8 CVSS · 6.5 AI score · 0.11007 EPSS
Exploits 0 · References 123
Veracode
added 2018/08/07 9:27 a.m. · 33 views

Sensitive Information Leakage

IdentityServer3 is vulnerable to sensitive information leakage. The leakage of IdentityServer responses is possible because there is a flaw in an Angular expression on the authorize response page...

6.1 CVSS · 6 AI score · 0.00233 EPSS
Exploits 0 · References 2 · Affected Software 1
Github Security Blog
added 2018/07/31 11:3 p.m. · 14 views

Moderate severity vulnerability that affects moment

Withdrawn, accidental duplicate publish. The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."...

7.8 CVSS · 6.1 AI score · 0.02708 EPSS
Exploits 1 · References 2 · Affected Software 1
Github Security Blog
added 2018/07/31 10:52 p.m. · 33 views

Regular Expression Denial of Service in hawk

Versions of hawk prior to 3.1.3, or 4.x prior to 4.1.1, are affected by a regular expression denial of service vulnerability related to excessively long headers and URIs. Recommendation: Update to hawk version 4.1.1 or later...

7.8 CVSS · 5.5 AI score · 0.05317 EPSS
Exploits 0 · References 8 · Affected Software 1
Fedora
added 2018/07/31 5:14 p.m. · 26 views

[SECURITY] Fedora 27 Update: mutt-1.9.2-2.fc27

Mutt is a small but very powerful text-based MIME mail client. Mutt is highly configurable, and is well suited to the mail power user with advanced features like key bindings, keyboard macros, mail threading, regular expression searches and a powerful pattern matching language for selecting group...

9.8 CVSS · 1 AI score · 0.04101 EPSS
Exploits 0
Github Security Blog
added 2018/07/24 8:16 p.m. · 32 views

Regular Expression Denial of Service in fresh

Affected versions of fresh are vulnerable to regular expression denial of service when parsing specially crafted user input. Recommendation: Update to version 0.5.2 or later...

7.5 CVSS · 5.3 AI score · 0.00328 EPSS
Exploits 0 · References 3 · Affected Software 1
OSV
added 2018/07/24 8:16 p.m. · 1 views

GHSA-9QJ9-36JM-PRPV Regular Expression Denial of Service in fresh

Affected versions of fresh are vulnerable to regular expression denial of service when parsing specially crafted user input. Recommendation: Update to version 0.5.2 or later...

7.5 CVSS · 7.1 AI score · 0.00328 EPSS
Exploits 0 · References 3
OSV
added 2018/07/24 8:16 p.m. · 20 views

GHSA-MPCF-4GMH-23W8 Regular Expression Denial of Service in forwarded

Affected versions of forwarded are vulnerable to regular expression denial of service when parsing specially crafted user input. Recommendation: Update to version 0.1.2 or later...

7.5 CVSS · 7.4 AI score · 0.006 EPSS
Exploits 0 · References 4
Github Security Blog
added 2018/07/24 8:16 p.m. · 30 views

Regular Expression Denial of Service in forwarded

Affected versions of forwarded are vulnerable to regular expression denial of service when parsing specially crafted user input. Recommendation: Update to version 0.1.2 or later...

7.5 CVSS · 5.3 AI score · 0.006 EPSS
Exploits 0 · References 4 · Affected Software 1
OSV
added 2018/07/24 8:16 p.m. · 0 views

GHSA-G36H-6R4F-3MQP Regular Expression Denial of Service in string package

Affected versions of string are vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods. Recommendation: There is currently no direct patch for this vulnerability. Currently, the best solution is to avo...

7.5 CVSS · 7 AI score · 0.00366 EPSS
Exploits 1 · References 4
Github Security Blog
added 2018/07/24 8:16 p.m. · 27 views

Regular Expression Denial of Service in string package

Affected versions of string are vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods. Recommendation: There is currently no direct patch for this vulnerability. Currently, the best solution is to avo...

7.5 CVSS · 7.4 AI score · 0.00366 EPSS
Exploits 1 · References 4 · Affected Software 1
Github Security Blog
added 2018/07/24 8:14 p.m. · 35 views

Regular Expression Denial of Service in tough-cookie

Affected versions of tough-cookie are susceptible to a regular expression denial of service. The amplification on this vulnerability is relatively low - it takes around 2 seconds for the engine to execute on a malicious input which is 50,000 characters in length. If node was compiled using the...

7.5 CVSS · 4.3 AI score · 0.03942 EPSS
Exploits 0 · References 12 · Affected Software 1