CVE-2015-2326
CVE-2015-2326: PCRE library vulnerability in pcre_compile2 (PCRE before 8.37) allows context-dependent attackers to compile incorrect code and trigger a denial of service via an out-of-bounds read when processing a regex such as ((?+1)(\1)). The connected documents confirm the issue is tied to th...
CVE-2015-2326
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via a regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by...
CVE-2015-2325
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large...
CVE-2015-2325
CVE-2015-2325 is a PCRE vulnerability where the compile_branch() function performs improper bounds checks, enabling a heap-based buffer overflow via a crafted regular expression (group with a forward reference repeated many times in an outer group with zero minimum quantifier). Affected: PCRE lib...
Adobe Patches Five Critical Illustrator CC Flaws
Adobe has released patches for five critical vulnerabilities in Adobe Illustrator CC, its popular vector graphics editor tool, which if exploited could enable arbitrary code execution. Overall Adobe patched nine vulnerabilities as part of its regularly-scheduled updates on Tuesday, including five...
Adobe Releases First 2020 Patch Tuesday Software Updates
Adobe today released software updates to patch a total of 9 new security vulnerabilities in two of its widely used applications, Adobe Experience Manager and Adobe Illustrator. It's the first Patch Tuesday for the year 2020 and one of the lightest patch releases in a long time for Adobe users...
OpenJDK: Unexpected exception thrown during regular expression processing in Nashorn (Scripting, 8223518)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
DEBIAN-CVE-2019-20334
In Netwide Assembler NASM 2.14.02, stack consumption occurs in expr functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 and stdscan in asm/stdscan.c. This is similar to CVE-2019-6290 and CVE-2019-6291...
UBUNTU-CVE-2019-20334
In Netwide Assembler NASM 2.14.02, stack consumption occurs in expr functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 and stdscan in asm/stdscan.c. This is similar to CVE-2019-6290 and CVE-2019-6291...
Regular Expression Denial Of Service (ReDoS)
vue-moment is vulnerable to regular expression denial of service (ReDoS) attacks. These attacks are possible because it has a vulnerable static dependency which uses a flawed regular expression that takes a long time to match dates in long strings...
CVE-2019-16554
A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression...
CVE-2019-16553
A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression...
Code injection
A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process...
CVE-2019-16555
CVE-2019-16555 affects Jenkins Build Failure Analyzer Plugin (versions 1.24.1 and earlier). The root cause is a user-supplied regular expression being processed in a non-interruptible way, enabling an attacker to have Jenkins evaluate the regex without the ability to interrupt this process. This ...
PT-2019-14710 · Jenkins · Jenkins Build Failure Analyzer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Build Failure Analyzer Plugin versions 1.24.1 and earlier. Description: The issue allows attackers to have Jenkins evaluate a user-supplied regular expression without the ability to interrupt this process, as the regular expression was...
ATasm Buffer Overflow Vulnerability
ATasm is a command line cross assembler for the 6502 microprocessor. A buffer overflow vulnerability exists in the 'get_signed_expression' function of the setparse.c file in ATasm version 1.06. The vulnerability stems from a networked system or product performing operations in memory without properl...
ATasm Buffer Overflow Vulnerability (CNVD-2019-45902)
ATasm is a command line cross assembler for the 6502 microprocessor. A buffer overflow vulnerability exists in the 'parse_expr' function of the setparse.c file in ATasm version 1.06. The vulnerability stems from a networked system or product performing operations in memory without properly validati...