Regular Expression Denial Of Service (ReDoS) Via Parsing Cookies

tough-cookie is vulnerable to regular expression denial of service ReDoS attack. The vulnerability exists because the COOKIEPAIR regular expression used to parse the cookies causes unlimited repetitions when matching input characters. By using a large cookie string, attackers can make the process...

Regular Expression Denial Of Service (ReDoS) Via Long String Of Semicolons

tough-cookie is vulnerable to regular expression denial-of-service ReDoS attack. A malicious user can pass a long string that contains many semicolons in the Set-Cookies header, causing a regular expression to take a large amount of time, causing a denial of service condition...

Denial Of Service (DoS)

minimatch is vulnerable to a Regular Expression Denial Of Service ReDoS attack. An attacker can pass a string value to the minimatchpath,pattern function to cause a ReDoS...

Arbitrary Code Execution

rh-mariadb100-mariadb is vulnerable to arbitrary code execution attacks. The vulnerability exists as a heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by...

Denial Of Service (DoS)

postgresql is vulnerable to denial of service DoS attacks. The vulnerability exists as PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service infinite loop or buffer overflow and crash via...

Denial Of Service (DoS) Via CPU Consumption

RubyGems is vulnerable to a denial of service DoS attack. It is possible due to a flaw in Gem::Version::VERSIONPATTERN in lib/rubygems/version.rb which allows a malicious gem version to cause a large amount of backtracking in a regular expression...

Regular Expression Denial Of Service (ReDoS)

tcl is vulnerable to regular expression denial of service ReDoS attacks. The vulnerability exists as the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause...

Denial Of Service (DoS)

Libdns.so is vulnerable to denial of service attack. The library does not use correct regular expression validation, allowing the attack to inject a malicious DNS query causing an excessive amount of memory, or application crash...

ALPINE-CVE-2018-20712

A heap-based buffer over-read exists in the function dexpression1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt...

Django Denial-of-service possibility in truncatechars_html and truncatewords_html template filters

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a...

Fedora 28 : 4:perl (2018-d1ba58394e)

This release provides Perl 5.26.2 that fixes a heap buffer overflow in the pack function and two overflows in regular expression engine. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...

perl: Heap-based buffer overflow in S_regatom()

Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations...

perl: Heap-based buffer overflow in S_regatom()

Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations...

perl: Integer overflow leading to buffer overflow in Perl_my_setenv()

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations...

SUSE SLES12 Security Update : php5 (SUSE-SU-2017:1662-1)

This update for php5 fixes the following security issues : - CVE-2016-6294: The localeacceptfromhttp function in ext/intl/locale/localemethods.c did not properly restrict calls to the ICU ulocacceptLanguageFromHTTP function, which allowed remote attackers to cause a denial of service out-of-bound...

XSS vulnerability with unsafe link protocols

An XSS vulnerability CVE-2018-20583 has been identified in the following versions of this library: 0.15.6 0.15.7 0.16.0 0.17.0 0.17.1 0.17.2 0.17.3 0.17.4 0.17.5 0.18.0 It allows unsafe URLs to be added to links. The issue has been fixed in version 0.18.1. All users should upgrade to version 0.18...

CVE-2018-20129: DedeCMS V5. 7 SP2 front Desk file upload getshell vulnerability alerts-a vulnerability alert-the black bar safety net

2018-12-11 in CVE Chinese application station published a DEDECMS 5.7 SP2 is the latest version there is a file upload vulnerability, with administrator privileges can exploit this vulnerability to upload and getshell execute arbitrary PHP code. After analysis and verification. The vulnerability...

Adobe Acrobat Reader DC Text Field Value Remote Code Execution Vulnerability

Summary A specific JavaScript code embedded in a PDF file can lead to a heap corruption when opening a PDF document in Adobe Acrobat Reader DC 2019.8.20071. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need t...

CVE-2018-18311

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations...

Buffer overflow

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations...