9184 matches found

UbuntuCve
added 2018/06/07 2:29 a.m. | 20 views

CVE-2017-16119

Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00328
Exploits: 0 | References: 2

Prion
added 2018/06/07 2:29 a.m. | 10 views

Design/Logic Flaw

The string module is a module that provides extra string operations. The string module is vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods...

CVSS: 5 | AI score: 7.4 | EPSS: 0.00366
Exploits: 1 | References: 2 | Affected Software: 1

Prion
added 2018/06/07 2:29 a.m. | 10 views

Default credentials

charset 1.0.0 and below are vulnerable to regular expression denial of service. Input of around 50k characters is required for a slow down of around 2 seconds. Unless node was compiled using the -DHTTP_MAX_HEADER_SIZE= option the default header max length is 80kb, so the impact of the ReDoS is...

CVSS: 5 | AI score: 7.5 | EPSS: 0.00328
Exploits: 1 | References: 2 | Affected Software: 1

Prion
added 2018/06/07 2:29 a.m. | 17 views

Input validation

The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue...

CVSS: 5 | AI score: 6 | EPSS: 0.00102
Exploits: 0 | References: 5 | Affected Software: 1

UbuntuCve
added 2018/06/07 2:29 a.m. | 15 views

CVE-2017-16137

The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue...

CVSS: 5.3 | AI score: 6.4 | EPSS: 0.00102
Exploits: 0 | References: 2

Prion
added 2018/06/07 2:29 a.m. | 18 views

Design/Logic Flaw

ua-parser is a port of Browserscope's user agent parser. ua-parser is vulnerable to a ReDoS (Regular Expression Denial of Service) attack when given a specially crafted UserAgent header...

CVSS: 5 | AI score: 7.4 | EPSS: 0.57769
Exploits: 2 | References: 1

UbuntuCve
added 2018/06/07 2:29 a.m. | 21 views

CVE-2017-16138

The mime module 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00433
Exploits: 1 | References: 5

Prion
added 2018/06/07 2:29 a.m. | 17 views

Denial of service

The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds...

CVSS: 5 | AI score: 7.3 | EPSS: 0.00403
Exploits: 1 | References: 2 | Affected Software: 1

UbuntuCve
added 2018/06/07 2:29 a.m. | 20 views

CVE-2017-16114

The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00403
Exploits: 1 | References: 2

Prion
added 2018/06/07 2:29 a.m. | 15 views

Race condition

The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header. It is vulnerable to a regular expression denial of service when it's passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition...

CVSS: 5 | AI score: 7.3 | EPSS: 0.006
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2018/06/07 2:29 a.m. | 13 views

Input validation

The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed...

CVSS: 5 | AI score: 7.4 | EPSS: 0.00303
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2018/06/07 2:0 a.m. | 52 views

CVE-2017-16116

The CVE-2017-16116 entry corresponds to the Node.js string module. The vulnerability is a regular expression denial of service (ReDoS) triggered by untrusted input passed to the underscore or unescapeHTML methods. Impact described as potential denial of service. Public remediation details in the ...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00366
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2018/06/07 2:0 a.m. | 13 views

CVE-2017-16118

The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header. It is vulnerable to a regular expression denial of service when it's passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition...

AI score: 7.3 | EPSS: 0.006
Exploits: 0 | References: 2

Debian CVE
added 2018/06/07 2:0 a.m. | 16 views

CVE-2017-16119

Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00328
Exploits: 0

CVE
added 2018/06/07 2:0 a.m. | 74 views

CVE-2017-16113

CVE-2017-16113 affects the parsejson module, where a regular expression denial of service (ReDoS) can be triggered by untrusted input during JSON parsing. Affected details across sources consistently describe a ReDoS risk in parsejson, with CVSS v3.0 base score 7.5 (HIGH) and impact on availabili...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00303
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2018/06/07 2:0 a.m. | 1071 views

CVE-2017-16138

CVE-2017-16138 affects the mime Node.js module, with vulnerable versions including

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00433
Exploits: 1 | References: 2 | Affected Software: 1

Debian CVE
added 2018/06/07 2:0 a.m. | 25 views

CVE-2017-16137

The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue...

CVSS: 5.3 | AI score: 5.5 | EPSS: 0.00102
Exploits: 0

Cvelist
added 2018/06/07 2:0 a.m. | 14 views

CVE-2017-16113

The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed...

AI score: 7.4 | EPSS: 0.00303
Exploits: 1 | References: 2

Cvelist
added 2018/06/07 2:0 a.m. | 15 views

CVE-2017-16137

The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue...

AI score: 6.9 | EPSS: 0.00102
Exploits: 0 | References: 5

Cvelist
added 2018/06/07 2:0 a.m. | 12 views

CVE-2017-16099

The no-case module is vulnerable to regular expression denial of service. When malicious untrusted user input is passed into no-case it can block the event loop causing a denial of service condition...

AI score: 7.3 | EPSS: 0.00334
Exploits: 0 | References: 2