9159 matches found

OSV • added 2017/05/05 12:29 a.m. • 21 views

CVE-2017-8786

pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression...

9.8 CVSS • 7.7 AI score
Exploits 0 • References 5
Prion • added 2017/05/05 12:29 a.m. • 13 views

Heap overflow

pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression...

7.5 CVSS • 9.7 AI score • 0.00707 EPSS
Exploits 1 • References 5 • Affected Software 1
CNVD • added 2017/05/05 12:0 a.m. • 1 views

Huawei Load Balancer Management System suffers from s2-045 remote command execution vulnerability

Load Balancer Management System is a load balancer management system. The Huawei Load Balancer Management System suffers from a s2-045 remote command execution vulnerability. The vulnerability can be exploited to execute arbitrary commands by constructing a Content-Type function in the header, as...

7.9 AI score
Exploits 0
Debian CVE • added 2017/05/05 12:0 a.m. • 22 views

CVE-2017-8786

pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression...

9.8 CVSS • 9.8 AI score • 0.00707 EPSS
Exploits 1
CNVD • added 2017/05/03 12:0 a.m. • 1 views

PCRE2 Buffer Overflow Vulnerability (CNVD-2017-07003)

PCRE2 is an API for modifying PCRE Open Source Regular Expression Library developed by software developer Philip Hazel. A buffer overflow vulnerability exists in the pcre2match.c file in versions of PCRE2 prior to 2017-03-10. An attacker can exploit this vulnerability to cause a denial of service...

9.8 CVSS • 9.2 AI score • 0.02737 EPSS
Exploits 0 • References 1
Tenable Nessus • added 2017/05/01 12:0 a.m. • 50 views

EulerOS 2.0 SP1 : tomcat (EulerOS-SA-2016-1049)

According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly conside...

8.1 CVSS • 7 AI score • 0.40671 EPSS
Exploits 8 • References 6
Fedora • added 2017/04/29 11:22 p.m. • 34 views

[SECURITY] Fedora 25 Update: yara-3.5.0-7.fc25

YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a. rule, consists of a set of strin...

7.5 CVSS • 1.3 AI score • 0.00489 EPSS
Exploits 4
Fedora • added 2017/04/29 10:21 p.m. • 20 views

[SECURITY] Fedora 24 Update: yara-3.5.0-7.fc24

YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a. rule, consists of a set of strin...

7.5 CVSS • 1.3 AI score • 0.00489 EPSS
Exploits 4
Fedora • added 2017/04/26 6:21 p.m. • 30 views

[SECURITY] Fedora 24 Update: pcre2-10.21-18.fc24

PCRE2 is a re-working of the original PCRE (Perl-compatible regular expression) library to provide an entirely new API. PCRE2 is written in C, and it has its own API. There are three sets of functions, one for the 8-bit library, which processes strings of bytes, one for the 16-bit library, which...

7.5 CVSS • 1.7 AI score • 0.07102 EPSS
Exploits 0
FireEye • added 2017/04/26 8:0 a.m. • 25 views

Evolving Analytics for Execution Trace Data

Five years ago, Mandiant released a proof of concept tool named ShimCacheParser, along with a blog post titled “Leveraging the Application Compatibility Cache in Forensic Investigations”. Since then, ShimCache metadata has become increasingly popular as a source of forensic evidence, both for...

7 AI score
Exploits 0
Prion • added 2017/04/21 8:59 p.m. • 13 views

Design/Logic Flaw

The backtrack compilation code in the Irregex package (aka IrRegular Expressions) before 0.9.6 for Scheme allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression with a repeating pattern...

5 CVSS • 7.2 AI score • 0.02616 EPSS
Exploits 0 • References 4 • Affected Software 1
OSV • added 2017/04/21 8:59 p.m. • 14 views

CVE-2016-9954

The backtrack compilation code in the Irregex package (aka IrRegular Expressions) before 0.9.6 for Scheme allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression with a repeating pattern...

7.5 CVSS • 6.9 AI score
Exploits 0 • References 4
Cvelist • added 2017/04/21 8:0 p.m. • 22 views

CVE-2016-9954

The backtrack compilation code in the Irregex package (aka IrRegular Expressions) before 0.9.6 for Scheme allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression with a repeating pattern...

7.4 AI score • 0.02616 EPSS
Exploits 0 • References 4
Debian CVE • added 2017/04/21 8:0 p.m. • 21 views

CVE-2016-9954

The backtrack compilation code in the Irregex package (aka IrRegular Expressions) before 0.9.6 for Scheme allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression with a repeating pattern...

7.5 CVSS • 7.4 AI score • 0.02616 EPSS
Exploits 0
Veracode • added 2017/04/17 3:10 a.m. • 10 views

Regular Expression Denial Of Service (ReDoS)

useragent is vulnerable to denial of service (DoS) attacks. These attacks are possible through the regular expression used to parse the useragent headers. If an attacker edits their own headers to create an extremely long useragent string, it will cause an event loop which blocks the server...

7.5 CVSS • 7.2 AI score • 0.00433 EPSS
Exploits 1 • References 2 • Affected Software 1
Veracode • added 2017/04/17 2:34 a.m. • 13 views

Regular Expression Denial Of Service (ReDoS)

decamelize is vulnerable to denial of service (DoS) attacks. These attacks are possible through the regular expression used to identify camel case names. If an attacker uses the | character, they are able to add to the regular expression and consume the CPU...

7.5 CVSS • 7.2 AI score • 0.00328 EPSS
Exploits 0 • References 3 • Affected Software 1
Veracode • added 2017/04/17 2:11 a.m. • 12 views

Regular Expression Denial Of Service (ReDoS)

uri-js is vulnerable to denial of service (DoS) attacks. These attacks are possible through the regular expression that validates if a URL is valid. There is a flaw in the regular expression which causes the program to hang and the application to consume 100% of the CPU. This is only possible if...

6.8 CVSS • 6 AI score • 0.00217 EPSS
Exploits 1 • References 4 • Affected Software 1
Hacker One • added 2017/04/15 6:47 p.m. • 11 views

LibSass: stack overflow #3 in libsass

./sassc test387 /dev/null triggers this stack overflow. ==9081==ERROR: AddressSanitizer: stack-overflow on address 0x7fffb48eadc0 pc 0x00000087a07b bp 0x7fffb48eba30 sp 0x7fffb48ead60 T0 0 0x87a07a in Sass::Parser::parsefactor /home/geeknik/libsass/src/parser.cpp:1379 1 0x878304 in...

6.9 AI score
Exploits 0
BDU FSTEC • added 2017/04/06 12:0 a.m. • 0 views

Microsoft Edge browser vulnerability, which allows attackers to obtain confidential information or carry out XSS attacks

The vulnerability of the RegEx script class XXS in the Microsoft Edge browser exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform XSS attacks or obtain confidential information using undefined vectors...

4.3 CVSS • 6.2 AI score • 0.01886 EPSS
Exploits 1 • References 3
Debian CVE • added 2017/04/05 8:0 p.m. • 19 views

CVE-2017-7443

apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression...

6.1 CVSS • 6 AI score • 0.0024 EPSS
Exploits 0