9170 matches found
CVE-2017-18077
index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters...
ReDoS in brace-expansion
Affected versions of brace-expansion are vulnerable to a regular expression denial of service condition. Proof of Concept: var expand = require('brace-expansion'); expand(',,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,\n'); Recommendation: Update to...
GHSA-832H-XG76-4GV6 ReDoS in brace-expansion
Affected versions of brace-expansion are vulnerable to a regular expression denial of service condition. Proof of Concept: var expand = require('brace-expansion'); expand(',,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,\n'); Recommendation: Update to...
CVE-2017-18077
index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters...
DEBIAN-CVE-2017-18077
index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters...
Code injection
index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters...
CVE-2017-18077
index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters...
CVE-2017-18077
index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters...
CVE-2017-8786
pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression...
Keybase: Keybase extension hostname-validation regular expression issue.
Description: The following snippet in js/identities.js allows all hostnames ending in twitter.com, facebook.com, etc. to display the Keybase message window. The issue stems from the fact that you use . instead of \. in your regular expression. service: "twitter", getUsername: function(loc) { return...
GHSA-CRMX-V835-HCP4 Moderate severity vulnerability that affects marked
Withdrawn: This advisory has been withdrawn, per NVD: "This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue." Original Description: A Regular expression Denial of Service (ReDoS) vulnerability in the file marked.js of the marked npm package tested on...
Remote Code Execution (RCE)
primefaces is vulnerable to remote code execution (RCE). It uses weak encryption on the PrimeSecret and PrimeOracle which allows expression language injection and remote code execution...
Updated perl packages fix security vulnerability
John Lightsey and Todd Rinaldo reported that the opportunistic loading of optional modules can make many programs unintentionally load code from the current working directory which might be changed to another directory without the user realising and potentially leading to privilege escalation...
Updated perl packages fix security vulnerability
Jakub Wilk reported a heap buffer overflow flaw in the regular expression compiler, allowing a remote attacker to cause a denial of service via a specially crafted regular expression with the case-insensitive modifier (CVE-2017-12837). Jakub Wilk reported a buffer over-read flaw in the regular...
Enigmail Denial of Service Vulnerability
Enigmail is a data encryption and decryption extension for Mozilla Thunderbird and SeaMonkey web packages that provides OpenPGP's email public key encryption and signing capabilities. A denial of service vulnerability exists in versions of Enigmail prior to 1.9.9. The vulnerability arises because...
CVE-2017-15313
Huawei SmartCare V200R003C10 has a CSV injection vulnerability. A remote authenticated attacker could inject malicious CSV expression to the affected device...
Input validation
Huawei SmartCare V200R003C10 has a CSV injection vulnerability. A remote authenticated attacker could inject malicious CSV expression to the affected device...
CVE-2017-15313
Huawei SmartCare V200R003C10 has a CSV injection vulnerability. A remote authenticated attacker could inject malicious CSV expression to the affected device...
Regular Expression Denial Of Service (ReDoS)
ecstatic is vulnerable to regular expression denial of service (DoS) attacks. An attacker can use a string which contains a large number of null bytes in it to overload a server and cause a denial of service condition...
Design/Logic Flaw
A regular expression Denial of Service (DoS) vulnerability in the file lib/ecstatic.js of the ecstatic npm package, before version 2.0.0, allows a remote attacker to overload and crash a server by passing a maliciously crafted string...