ALPINE-CVE-2018-7158
The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later, so this vulnerability impacts only the Node.js 4.x release line (all 4.x versions). The regular expression, splitPathRe, used within the...
CVE-2018-7158
The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later, so this vulnerability impacts only the Node.js 4.x release line (all 4.x versions). The regular expression, splitPathRe, used within the...
Denial of Service
Overview: All versions of foreman are vulnerable to Regular Expression Denial of Service when requests to it are made with a specially crafted path. Recommendation: Upgrade to version 3.0.1. References - HackerOne Report - https://github.com/strongloop/node-foreman/blob/v2.0.0/forward.js#L30 - GitHu...
MGASA-2018-0241 Updated perl packages fix security vulnerabilities
Brian Carpenter reported that a crafted regular expression could cause a heap buffer write overflow, with control over the bytes written (CVE-2018-6797). Nguyen Duc Manh reported that matching a crafted locale-dependent regular expression can cause a heap-based buffer over-read and potentially...
HPE Intelligent Management Center WmiConfigContent Expression Language Injection (CVE-2017-12526)
An Expression Language injection vulnerability exists in HPE Intelligent Management Center. The vulnerability is due to insufficient handling of a request parameter on wmiConfigContent.xhtml...
Regular Expression Denial Of Service (ReDoS)
marked is vulnerable to regular expression denial of service (ReDoS) attacks. A malicious user can pass a string that, when parsed, can cause a ReDoS...
Regular Expression Denial Of Service (ReDoS)
spring-messaging is vulnerable to regular expression denial of service (ReDoS) attacks. A malicious user can pass a message to an in-memory STOMP broker that can cause a ReDoS...
openSUSE Security Update : apache2 (openSUSE-2018-438)
This update for apache2 fixes the following issues: - CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a 'Session' header, leading to unexpected behavior (bsc#1086814). -...
Denial Of Service (DoS)
node is vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability exists in the path module of Node.js 4.x releases, which contains a bad regex, splitPathRe, that causes ReDoS when parsing malicious paths...
SRC-2019-0042 : Hewlett Packard Enterprise Intelligent Management Center ForwardRedirect Expression Language Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer...
Regular Expression Denial Of Service (ReDoS)
plist is vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability exists because a vulnerable regular expression is used, causing a DoS when parsing a malicious string...
Regular Expression Denial Of Service (ReDoS)
rgb2hex is vulnerable to regular expression denial of service (ReDoS) attacks. A malicious user can pass a malicious hexadecimal color string that, when parsed, can cause a ReDoS...
Regular Expression Denial Of Service (ReDoS)
foreman is vulnerable to regular expression denial of service (ReDoS). The vulnerability is possible because the regular expressions used for the URL path do not filter the malicious string supplied by the attacker...
Amazon Linux AMI : python34 / python35,python36,python27 (ALAS-2018-1003)
DoS via regular expression catastrophic backtracking in apop method in pop3lib: A flaw was found in the way catastrophic backtracking was implemented in python's pop3lib's apop method. An attacker could use this flaw to cause denial of service. (CVE-2018-1060) DoS via regular expression backtracking...
Medium: python34, python35, python36, python27
Issue Overview: DoS via regular expression catastrophic backtracking in apop method in pop3lib: A flaw was found in the way catastrophic backtracking was implemented in python's pop3lib's apop method. An attacker could use this flaw to cause denial of service. (CVE-2018-1060) DoS via regular...
Regular Expression Denial of Service
Overview: Versions of sshpk before 1.13.2 or 1.14.1 are vulnerable to regular expression denial of service when parsing crafted invalid public keys. Recommendation: Update to version 1.13.2, 1.14.1 or later. References - https://github.com/joyent/node-sshpk/blob/v1.13.1/lib/formats/ssh.js#L17 -...
Fedora 27 : 1:perl-Module-CoreList / 4:perl (2018-1c8b49fbc7)
This release provides Perl 5.24.4 that fixes a heap buffer overflow in the pack function and two overflows in the regular expression engine. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...
Regular Expression Denial of Service
Overview: Versions of is-my-json-valid before 1.4.1 or 2.17.2 are vulnerable to regular expression denial of service (ReDoS) via the email validation function. Recommendation: Update to version 1.4.1, 2.17.2 or later. References - GitHub PR 159 - GitHub Commit b3051b2 - HackerOne Report - GitHub Advis...