CVE-2018-7560
The CVE-2018-7560 issue affects the npm package aws-lambda-multipart-parser prior to version 0.1.2 by Anton Myshenin. The vulnerability is a Regular Expression Denial of Service (ReDoS) in index.js triggered by specially crafted multipart/form-data boundary strings, potentially enabling a denial ...
Spoofing
index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string...
UBUNTU-CVE-2018-7651
index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string...
CVE-2018-7651
index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string...
CVE-2018-7651
The CVE-2018-7651 entry concerns the Node.js ssri module. Affected component: index.js in ssri prior to 5.2.2. Root cause: a regular expression denial of service (ReDoS) in strict mode triggered by a long base64 hash string. Impact: potential DoS condition; no exploitation specifics provided in t...
UBUNTU-CVE-2017-18212
An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function in lit/lit-char-helpers.c via a RegExp("[\x0"); payload...
Regular Expression Denial Of Service (ReDoS)
ssri is vulnerable to regular expression denial of service (ReDoS) attacks. If an application is using the opts.strict option, attackers can inject extremely long base64 hash strings to cause the application to hang...
Regular Expression Denial of Service (ReDoS)
Overview: org.webjars.npm:html-dom-parser is an HTML to DOM parser that works on both the server and client. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). It used a regular expression /\s\S/ and /\s\S/ in order to find html tags. This can cause an...
Node.js third-party modules: Regular Expression Denial of Service (ReDoS)
The issue was already fixed. Module: is-my-json-valid. Summary: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks. It used a regular expression /^\S+@\S+$/ in order to validate emails. This can cause an impact of about 10 seconds matching time f...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in FortiWeb before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) redir or (2) mkey parameter to waf/pcre_expression/validate...
openSUSE Security Update : chromium (openSUSE-2018-128)
This update for chromium to version 64.0.3282.140 fixes the following security issues: - CVE-2018-6406: Various asan fixes boo1078463, boo1079021 The regular expression library re2 was updated to 2018-02-01...
OPENSUSE-SU-2018:0359-1 Security update for chromium
This update for chromium to version 64.0.3282.140 fixes the following security issues: - CVE-2018-6406: Various asan fixes boo1078463, boo1079021 The regular expression library re2 was updated to 2018-02-01...
OPENSUSE-SU-2018:0360-1 Security update for chromium
This update for chromium to version 64.0.3282.140 fixes the following security issues: - CVE-2018-6406: Various asan fixes boo1078463, boo1079021 The regular expression library re2 was updated to 2018-02-01...
DEBIAN-CVE-2018-6519
The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp...
CVE-2018-6519
The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp...
Design/Logic Flaw
The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp...
CVE-2018-6519
The vulnerability CVE-2018-6519 affects SimpleSAMLphp’s SAML2 library: Regular Expression Denial of Service for fraction-of-seconds in timestamps. Affected versions are SimpleSAMLphp SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1. Impact is partial availability (DoS) via netw...