Lucene search
K

9323 matches found

Veracode
Veracode
added 2020/04/10 1:10 a.m.14 views

Denial Of Service (DoS)

boost is vulnerable to denial of service. Invalid pointer dereference flaws were found in the way the Boost regular expression library processed certain, invalid expressions. An attacker able to make an application using the Boost library process a specially-crafted regular expression could cause...

5CVSS5.1AI score0.02686EPSS
Exploits1References23Affected Software1
Veracode
Veracode
added 2020/04/10 1:10 a.m.19 views

Denial Of Service (DoS)

boost is vulnerable to denial of service DoS. Invalid pointer dereference flaws were found in the way the Boost regular expression library processed certain, invalid expressions. An attacker able to make an application using the Boost library process a specially-crafted regular expression could...

5CVSS5AI score0.01957EPSS
Exploits0References23Affected Software1
Veracode
Veracode
added 2020/04/10 12:59 a.m.76 views

Remote Code Execution (RCE)

JBoss Enterprise Application Platform is vulnerable to remtoe code execution RCE. Due to an incomplete fix for CVE-2011-1484, JBoss Seam 2 did not block access to all malicious JBoss Expression Language EL constructs in page exception handling, allowing arbitrary Java methods to be executed. A...

6.8CVSS3.4AI score0.02593EPSS
Exploits0References13Affected Software50
Veracode
Veracode
added 2020/04/10 12:53 a.m.22 views

Denial Of Service (DoS)

WebKitGTK+ is vulnerable to Denial of Service DoS. It is due to some flaws allowing remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted regular expression...

9.3CVSS7.3AI score0.06012EPSS
Exploits0References20Affected Software1
Veracode
Veracode
added 2020/04/10 12:46 a.m.53 views

Arbitrary Code Execution

jboss-seam2 is vulnerable to arbitrary code execution. The vulnerability exists as an input sanitization flaw was found in the way JBoss Seam processed certain parametrized JBoss Expression Language EL expressions. A remote attacker could use this flaw to execute arbitrary code via a URL,...

8.8CVSS3.7AI score0.83397EPSS
Exploits8References10Affected Software1
Veracode
Veracode
added 2020/04/10 12:26 a.m.33 views

Denial Of Service (DoS)

ruby is vulnerable to denial of service. If a Ruby script tried to process a large amount of data via a regular expression, it could cause Ruby to enter an infinite-loop and crash...

5CVSS2.4AI score0.15678EPSS
Exploits1References28Affected Software1
Veracode
Veracode
added 2020/04/10 12:20 a.m.29 views

Arbitrary Code Execution

perl is vulnerable to arbitrary code execution. The vulnerability exists as a flaw was found in Perl's regular expression engine. Specially crafted input to a regular expression can cause Perl to improperly allocate memory, possibly resulting in arbitrary code running with the permissions of the...

7.5CVSS4.5AI score0.0483EPSS
Exploits1References56Affected Software1
Veracode
Veracode
added 2020/04/10 12:19 a.m.24 views

Denial Of Service (DoS)

postgresql is vulnerable to denial of service DoS. The vulnerability exists in PostgreSQL's regular expression engine. An authenticated attacker could use these flaws to cause a denial of service by causing the PostgreSQL server to crash, enter an infinite loop, or use extensive CPU and memory...

6.8CVSS3.7AI score0.03644EPSS
Exploits0References40Affected Software1
RedHat Linux
RedHat Linux
added 2020/04/08 9:46 p.m.3 views

envoy: crafted request with long URI allows remote attacker to cause denial of service

A flaw was found in Envoy through version 1.11.1. Users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. A remote attacker may send a request with a very long URI to result in a denial of service through memory consumption. The highest thre...

7.5CVSS7.1AI score0.03417EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2020/04/08 9:41 p.m.24 views

CVE-2019-14232

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability i...

7.5CVSS4AI score0.03502EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2020/04/07 1:23 p.m.5 views

Exploit for Expression Language Injection in Sonatype Nexus

CVE-2020-10199-10204 http://1984-0day.com python3 poc.py...

9CVSS7.3AI score0.99064EPSS
Exploits11
RedHat Linux
RedHat Linux
added 2020/04/07 9:36 a.m.83 views

Moderate: Red Hat Security Advisory: python security update

An update for python is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impac...

9.1CVSS6.8AI score0.11844EPSS
Exploits4References7
Tenable Nessus
Tenable Nessus
added 2020/04/07 12:0 a.m.45 views

RHEL 7 : python (RHSA-2020:1346)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1346 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

9.1CVSS6.8AI score0.11844EPSS
Exploits4References15
RedHat Linux
RedHat Linux
added 2020/04/06 9:2 a.m.4 views

Django: backtracking in a regular expression in django.utils.text.Truncator leads to DoS

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability i...

7.5CVSS7.2AI score0.03502EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2020/04/03 9:48 p.m.478 views

Regular Expression Denial of Service in Acorn

Affected versions of acorn are vulnerable to Regular Expression Denial of Service. A regex in the form of /x-\ud800/u causes the parser to enter an infinite loop. The string is not valid UTF16 which usually results in it being sanitized before reaching the parser. If an application processes...

4.9AI score
Exploits0References5Affected Software1
OSV
OSV
added 2020/04/03 9:48 p.m.1 views

GHSA-6CHW-6FRG-F759 Regular Expression Denial of Service in Acorn

Affected versions of acorn are vulnerable to Regular Expression Denial of Service. A regex in the form of /x-\ud800/u causes the parser to enter an infinite loop. The string is not valid UTF16 which usually results in it being sanitized before reaching the parser. If an application processes...

7.5CVSS5.9AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2020/04/02 7:58 p.m.39 views

CVE-2018-7158

It was found that the 'path' module from Node.js was vulnerable to a Regular Expression Denial of Service REDoS flaw. An attacker able to provide a specially crafted file path to a Node.js script could force it to hang indefinitely...

7.5CVSS1.8AI score0.03381EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/04/02 12:0 a.m.259 views

openSUSE Security Update : ruby2.5 (openSUSE-2020-395)

This update for ruby2.5 toversion 2.5.7 fixes the following issues: ruby 2.5 was updated to version 2.5.7 - CVE-2020-8130: Fixed a command injection in intree copy of rake bsc1164804. - CVE-2019-16255: Fixed a code injection vulnerability of Shell and Shelltest bsc1152990. - CVE-2019-16254: Fixed...

8.1CVSS6.9AI score0.29726EPSS
Exploits8References14
OSV
OSV
added 2020/04/01 7:15 p.m.2 views

CVE-2020-10199

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection issue 1 of 2...

8.8CVSS7.3AI score0.99064EPSS
Exploits10References5
RedHat Linux
RedHat Linux
added 2020/04/01 8:39 a.m.95 views

Moderate: Red Hat Security Advisory: python security update

An update for python is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

9.1CVSS6.8AI score0.11844EPSS
Exploits4References7
Rows per page
Query Builder