
9290 matches found

Node.js
added 2019/07/17 8:26 p.m., 12 views

Regular Expression Denial of Service

Overview: Affected versions of marked are vulnerable to Regular Expression Denial of Service (ReDoS). The label subrule may significantly degrade parsing performance of malformed input. Recommendation: Upgrade to version 0.7.0 or later. References: GitHub Advisory...

6.9 AI score
Exploits 0, Affected Software 1
Cvelist
added 2019/07/17 8:25 p.m., 24 views

CVE-2019-1010266

lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is:...

7.5 AI score, 0.03076 EPSS
Exploits 1, References 4
CVE
added 2019/07/17 8:25 p.m., 157 views

CVE-2019-1010266

CVE-2019-1010266 is a lodash vulnerability affecting versions before 4.17.11, caused by Uncontrolled Resource Consumption (ReDoS) in the Date handling code. The attack relies on the library matching very long strings with a regular expression, leading to a Denial of Service. The fix is to upgrade...

6.5 CVSS, 6.4 AI score, 0.03076 EPSS
Exploits 1, References 4, Affected Software 1
RedhatCVE
added 2019/07/11 6:51 a.m., 31 views

CVE-2019-13225

A NULL Pointer Dereference in match_at in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust...

6.5 CVSS, 5.7 AI score, 0.02129 EPSS
Exploits 0, References 3
NVD
added 2019/07/10 2:15 p.m., 22 views

CVE-2019-13225

A NULL Pointer Dereference in match_at in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust...

6.5 CVSS, 7.6 AI score, 0.02129 EPSS
Exploits 0, References 4
OSV
added 2019/07/10 2:15 p.m., 19 views

CVE-2019-13225

A NULL Pointer Dereference in match_at in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust...

6.5 CVSS, 6.6 AI score
Exploits 0, References 4
Prion
added 2019/07/10 2:15 p.m., 22 views

Null pointer dereference

A NULL Pointer Dereference in match_at in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust...

4.3 CVSS, 7.5 AI score, 0.02129 EPSS
Exploits 0, References 4, Affected Software 2
CVE
added 2019/07/10 1:50 p.m., 188 views

CVE-2019-13225

Oniguruma 6.9.2 contains a NULL pointer dereference in match_at() (CVE-2019-13225) that can lead to denial of service when a crafted regular expression is used. Multiple connected advisories (AlmaLinux, Fedora, Amazon Linux, Astra Linux) report the vulnerability and list updates/patches for onigu...

6.5 CVSS, 7.5 AI score, 0.02129 EPSS
Exploits 0, References 4, Affected Software 1
Cvelist
added 2019/07/10 1:50 p.m., 18 views

CVE-2019-13225

A NULL Pointer Dereference in match_at in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust...

7.7 AI score, 0.02129 EPSS
Exploits 0, References 4
Debian CVE
added 2019/07/10 1:50 p.m., 32 views

CVE-2019-13225

A NULL Pointer Dereference in match_at in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust...

6.5 CVSS, 6.2 AI score, 0.02129 EPSS
Exploits 0
OSV
added 2019/07/10 12:0 a.m., 1 views

UBUNTU-CVE-2019-13224

A use-after-free in onig_new_deluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...

9.8 CVSS, 7.1 AI score, 0.04047 EPSS
Exploits 0, References 4
Veracode
added 2019/07/09 8:52 a.m., 8 views

Regular Expression Denial Of Service (ReDoS)

marked is vulnerable to regular expression denial of service (DoS). The attack is possible because it does not use efficient link tags in regular expression, thereby leading to a high CPU usage if an attacker parses an input link with nested parentheses containing a large number of link tokens to t...

6.5 AI score
Exploits 0
Veracode
added 2019/07/08 10:45 a.m., 9 views

Regular Expression Denial Of Service (ReDoS)

marked is vulnerable to regular expression denial of service (ReDoS). A mishandling of the backtick character causes the system to consume a large amount of resources to parse a link text containing the backtick character...

6.5 AI score
Exploits 0
NVD
added 2019/07/05 8:15 p.m., 18 views

CVE-2018-14733

The Odoo Community Association (OCA) dbfilter_from_header module makes Odoo 8.x, 9.x, 10.x, and 11.x vulnerable to ReDoS (regular expression denial of service) under certain circumstances...

7.5 CVSS, 7.5 AI score, 0.02212 EPSS
Exploits 0, References 5
Cvelist
added 2019/07/05 7:54 p.m., 21 views

CVE-2018-14733

The Odoo Community Association (OCA) dbfilter_from_header module makes Odoo 8.x, 9.x, 10.x, and 11.x vulnerable to ReDoS (regular expression denial of service) under certain circumstances...

7.5 AI score, 0.02212 EPSS
Exploits 0, References 5
Debian CVE
added 2019/07/05 7:54 p.m., 18 views

CVE-2018-14733

The Odoo Community Association (OCA) dbfilter_from_header module makes Odoo 8.x, 9.x, 10.x, and 11.x vulnerable to ReDoS (regular expression denial of service) under certain circumstances...

7.5 CVSS, 7.5 AI score, 0.02212 EPSS
Exploits 0
NVD
added 2019/07/03 8:15 p.m., 16 views

CVE-2018-14860

Improper sanitization of dynamic user expressions in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated privileged users to escape from the dynamic expression sandbox and execute arbitrary code on the hosting system...

9.1 CVSS, 9.3 AI score, 0.02211 EPSS
Exploits 0, References 1
OSV
added 2019/07/03 8:15 p.m., 3 views

CVE-2018-14860

Improper sanitization of dynamic user expressions in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated privileged users to escape from the dynamic expression sandbox and execute arbitrary code on the hosting system...

9.1 CVSS, 6.1 AI score, 0.02211 EPSS
Exploits 0, References 1
Prion
added 2019/07/03 8:15 p.m., 12 views

Design/Logic Flaw

Improper sanitization of dynamic user expressions in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated privileged users to escape from the dynamic expression sandbox and execute arbitrary code on the hosting system...

9 CVSS, 9.3 AI score, 0.02211 EPSS
Exploits 0, References 1, Affected Software 1
Debian CVE
added 2019/07/03 7:1 p.m., 16 views

CVE-2018-14860

Improper sanitization of dynamic user expressions in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated privileged users to escape from the dynamic expression sandbox and execute arbitrary code on the hosting system...

9.1 CVSS, 9.5 AI score, 0.02211 EPSS
Exploits 0