9086 matches found
UBUNTU-CVE-2015-8389
PCRE before 8.38 mishandles the /?:|a|100x/ pattern and related patterns, which allows remote attackers to cause a denial of service infinite recursion or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konquero...
UBUNTU-CVE-2015-8392
PCRE before 8.38 mishandles certain instances of the ?| substring, which allows remote attackers to cause a denial of service unintended recursion and buffer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object...
CVE-2015-8384
PCRE before 8.38 mishandles the /?J?'d'?'d'\gd/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service buffer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScri...
PT-2015-7788 · Kde +4 · Konqueror +4
Name of the Vulnerable Software and Affected Versions: PCRE versions prior to 8.38 Description: The issue concerns the mishandling of 123 subroutine calls and related subroutine calls in regular expressions. This allows remote attackers to cause a denial of service, specifically an integer...
file, python security update
CentOS Errata and Security Advisory CESA-2015:2155 Updated file packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS...
Oracle Linux 7 : file (ELSA-2015-2155)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-2155 advisory. - fix CVE-2014-8116 - bump the acceptable ELF program headers count to 2048 - fix CVE-2014-0207 - cdfreadshortsector insufficient boundary check - fix...
Oracle: Security Advisory (ELSA-2015-2155)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Regular Expression Denial of Service
Overview Versions of millisecond prior to 0.1.2 are affected by a regular expression denial of service vulnerability when extremely long version strings are parsed. Proof of concept var ms = require'millisecond'; var genstr = function len, chr var result = ""; for i=0; i=len; i++ result = result ...
netcf: augeas path expression injection via interface name
A denial of service flaw was found in netcf. A specially crafted interface name could cause an application using netcf such as the libvirt daemon to crash...
Low: Red Hat Security Advisory: grep security and bug fix update
Updated grep packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Moderate: Red Hat Bug Fix Advisory: pcre bug fix update
Updated pcre packages that fix several bugs are now available for Red Hat Enterprise Linux 7. PCRE is a Perl-compatible regular expression library. This update fixes the following bugs: Previously, non-matched groups within capturing groups up to a forced match were not being properly reset by...
CVE-2007-2026
The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service CPU consumption via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported fo...
CVE-2009-3626
Perl 5.10.1 allows context-dependent attackers to cause a denial of service application crash via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match...
CVE-2009-0819
sql/itemxmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service crash via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue or UpdateXML," which triggers an assertion failure...
Regular Expression Denial of Service
Overview Versions of moment prior to 2.11.2 are affected by a regular expression denial of service vulnerability. The vulnerability is triggered when arbitrary user input is passed into moment.duration. Proof of concept var moment = require'moment'; var genstr = function len, chr var result = "";...
Regular Expression Denial of Service
Overview The jshamcrest package is affected by a regular expression denial of service vulnerability when certain types of user input are passed in to the emailAddress validator. Proof of concept var js = require'jshamcrest' var emailAddress = new js.JsHamcrest.Matchers.emailAddress; var genstr =...
Regular Expression Denial of Service
Overview The jadedown package is affected by a regular expression denial of service vulnerability when certain types of user input are passed in. Proof of concept var jadedown = require'jadedown'; var genstr = function len, chr var result = ""; for i=0; i=len; i++ result = result + chr; return...
Regular Expression Denial of Service
Overview The ansi2html package is affected by a regular expression denial of service vulnerability when certain types of user input is passed in. Proof of concept var ansi2html = require'ansi2html' var start = process.hrtime; ansi2html"1111111111111111111111;0000000000000000000000";...
Regular Expression Denial of Service
Overview Versions of uglify-js prior to 2.6.0 are affected by a regular expression denial of service vulnerability when malicious inputs are passed into the parse method. Proof of Concept var u = require'uglify-js'; var genstr = function len, chr var result = ""; for i=0; i=len; i++ result = resu...
Regular Expression Denial of Service
Overview All versions of the bleach package are vulnerable to a regular expression denial of service attack when certain types of input are passed into the sanitize function. Recommendation The bleach package is not currently maintained, and has not seen an update since 2014. To mitigate this...