9159 matches found

OSV
added 2017/01/23 9:59 p.m. | 0 views

DEBIAN-CVE-2015-8854

The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline rule," aka a "regular expression denial of service (ReDoS)."...

7.5 CVSS | 6.8 AI score | 0.01098 EPSS
Exploits: 0 | References: 1
OSV
added 2017/01/23 9:59 p.m. | 5 views

CVE-2015-8855

The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."...

7.5 CVSS | 7.3 AI score
Exploits: 0 | References: 5
OSV
added 2017/01/23 9:59 p.m. | 4 views

CVE-2015-8854

The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline rule," aka a "regular expression denial of service (ReDoS)."...

7.5 CVSS | 7.3 AI score
Exploits: 0 | References: 9
Prion
added 2017/01/23 9:59 p.m. | 11 views

Code injection

The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline rule," aka a "regular expression denial of service (ReDoS)."...

7.8 CVSS | 6.8 AI score | 0.01098 EPSS
Exploits: 0 | References: 5 | Affected Software: 2
OSV
added 2017/01/23 9:59 p.m. | 7 views

CVE-2015-8858

The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a "regular expression denial of service (ReDoS)."...

7.5 CVSS | 7.3 AI score
Exploits: 0 | References: 5
OSV
added 2017/01/23 9:59 p.m. | 5 views

CVE-2015-8857

The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript...

9.8 CVSS | 10 AI score
Exploits: 0 | References: 6
CVE
added 2017/01/23 9:0 p.m. | 66 views

CVE-2015-8855

The CVE-2015-8855 entry concerns the semver package for Node.js, where versions before 4.3.2 are vulnerable to a regular expression denial of service (ReDoS) via an excessively long version string. Root cause: an error in the regular expression implementation within semver. Impact: potential CPU ...

7.8 CVSS | 7.1 AI score | 0.01092 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2017/01/23 9:0 p.m. | 14 views

CVE-2015-8855

The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."...

7.3 AI score | 0.01092 EPSS
Exploits: 0 | References: 3
Cvelist
added 2017/01/23 9:0 p.m. | 21 views

CVE-2015-8315

The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."...

7.3 AI score | 0.00779 EPSS
Exploits: 1 | References: 4
CVE
added 2017/01/23 9:0 p.m. | 95 views

CVE-2015-8315

The Node.js ms module is vulnerable to a regular expression denial of service (ReDoS) when parsing extremely long version strings. This affects versions before 0.7.1 and can cause CPU exhaustion, potentially degrading availability. Multiple sources (NVD entry CVE-2015-8315 and OSS/NVD mirrors, np...

7.8 CVSS | 7.2 AI score | 0.00779 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
Debian CVE
added 2017/01/23 9:0 p.m. | 14 views

CVE-2015-8855

The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."...

7.8 CVSS | 7.3 AI score | 0.01092 EPSS
Exploits: 0
Debian CVE
added 2017/01/23 9:0 p.m. | 14 views

CVE-2015-8858

The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a "regular expression denial of service (ReDoS)."...

7.8 CVSS | 7.3 AI score | 0.00902 EPSS
Exploits: 1
BDU FSTEC
added 2017/01/13 12:0 a.m. | 1 views

The vulnerability of the Flash Player software, which allows a violator to execute arbitrary code

The vulnerability of the RegExp class in the Flash Player software platform arises from a violation of the buffer’s initial limit. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary code as a result of violating the search functionality...

10 CVSS | 8.1 AI score | 0.01047 EPSS
Exploits: 0 | References: 5 | Affected Software: 2
Microsoft KB
added 2017/01/07 12:0 a.m. | 19 views

MS12-022: Description of the security update for Expression Design 3: March 13, 2012

MS12-022: Description of the security update for Expression Design 3: March 13, 2012 INTRODUCTION Microsoft has released security bulletin MS12-022. To view the complete security bulletin, visit one of the following Microsoft websites: Home...

7 AI score
Exploits: 0
Microsoft KB
added 2017/01/07 12:0 a.m. | 28 views

MS12-022: Description of the security update for Expression Design 4: March 13, 2012

MS12-022: Description of the security update for Expression Design 4: March 13, 2012 INTRODUCTION Microsoft has released security bulletin MS12-022. To view the complete security bulletin, visit one of the following Microsoft websites: Home...

7 AI score
Exploits: 0
Microsoft KB
added 2017/01/07 12:0 a.m. | 60 views

MS12-043: Description of the security update for XML Core Services 5.0 when it is installed together with Office 2007, Office Compatibility Pack, Office Word Viewer, Expression Web, or Expression Web 2: August 14, 2012

MS12-043: Description of the security update for XML Core Services 5.0 when it is installed together with Office 2007, Office Compatibility Pack, Office Word Viewer, Expression Web, or Expression Web 2: August 14, 2012 View products that this article applies to. Microsoft has released security...

6.6 AI score
Exploits: 0
BDU FSTEC
added 2016/12/22 12:0 a.m. | 1 views

The vulnerability of the Flash Player software, which allows a violator to execute arbitrary code

The vulnerability of the RegExp class arises due to a violation of the buffer’s initial boundary. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

10 CVSS | 7.9 AI score | 0.01047 EPSS
Exploits: 0 | References: 3 | Affected Software: 2
BDU FSTEC
added 2016/12/22 12:0 a.m. | 1 views

The vulnerability of the Flash Player software, which allows a violator to execute arbitrary code

The vulnerability of the RegExp class in the Flash Player software platform arises from a violation of the buffer’s initial limit. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary code upon installing a plugin...

10 CVSS | 8.1 AI score | 0.01047 EPSS
Exploits: 0 | References: 3 | Affected Software: 2
BDU FSTEC
added 2016/12/22 12:0 a.m. | 1 views

The vulnerability of the Flash Player software allows a perpetrator to execute arbitrary code.

The vulnerability of the RegExp class in the Flash Player software platform arises from a violation of the buffer’s initial limit. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary code by manipulating the functions of the software...

10 CVSS | 8.1 AI score | 0.01047 EPSS
Exploits: 0 | References: 3 | Affected Software: 2
BDU FSTEC
added 2016/12/22 12:0 a.m. | 1 views

The vulnerability of the Flash Player software, which allows a violator to execute arbitrary code

The vulnerability of the RegExp class in the Flash Player software platform arises from a violation of the buffer’s initial limit. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary code as a result of violating the search functionality...

10 CVSS | 8.1 AI score | 0.01047 EPSS
Exploits: 0 | References: 3 | Affected Software: 2