
9286 matches found

OSV
added 2018/09/12 10:29 p.m. | 1 views

UBUNTU-CVE-2018-16976

Gitolite before 3.6.9 does not in certain configurations involving @all or a regex properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow valid users to obtain unintended access...

8.1 CVSS | 7.2 AI score | 0.01166 EPSS
Exploits: 0 | References: 5

Veracode
added 2018/09/11 6:38 a.m. | 10 views

Regular Expression Denial Of Service (ReDoS)

devise-security is vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability exists due to the usage of a vulnerable regular expression that allows a malicious string to cause a ReDoS attack when parsed...

6.4 AI score
Exploits: 0

RedHat Linux
added 2018/09/10 2:43 p.m. | 0 views

RichFaces: Injection of arbitrary EL expressions allows remote code execution via org.richfaces.renderkit.html.Paint2DResource

JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310...

9.8 CVSS | 6.1 AI score | 0.21375 EPSS
Exploits: 1 | References: 5

Veracode
added 2018/09/05 2:40 a.m. | 8 views

Regular Expression Denial Of Service (ReDoS)

onebox is vulnerable to regular expression denial of service (DoS). The vulnerability is possible because it does not escape the image URLs parameter directly using as HTML...

6.6 AI score
Exploits: 0

Amazon
added 2018/09/05 12:0 a.m. | 530 views

Important: pcre

Issue Overview: The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain : nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp...

9.8 CVSS | 9.6 AI score | 0.0843 EPSS
Exploits: 1

Malwarebytes
added 2018/08/31 3:0 p.m. | 63 views

Explained: regular expression (regex)

Regular expression, or "regex" for short, is a mathematical term for the theory used to describe regular languages. But in computing, regexes are used to search for patterns in files and databases, and their functionality is incorporated into many modern programming languages. Regex search patter...

7.3 AI score
Exploits: 0

OSV
added 2018/08/31 6:22 a.m. | 14 views

GHSA-WQG7-VRJ7-V82H Mosca REDoS Vulnerability

This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of topics. A crafted regular expression can cause the broker to crash. An attacke...

7.5 CVSS | 7.4 AI score | 0.03346 EPSS
Exploits: 0 | References: 3

Github Security Blog
added 2018/08/31 6:22 a.m. | 27 views

Mosca REDoS Vulnerability

This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of topics. A crafted regular expression can cause the broker to crash. An attacke...

7.8 CVSS | 7.2 AI score | 0.03346 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2018/08/30 12:29 p.m. | 16 views

Design/Logic Flaw

This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of topics. A crafted regular expression can cause the broker to crash. An attacke...

7.8 CVSS | 7.5 AI score | 0.03346 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2018/08/30 12:0 p.m. | 29 views

CVE-2018-11615

This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of topics. A crafted regular expression can cause the broker to crash. An attacke...

7.5 AI score | 0.03346 EPSS
Exploits: 0 | References: 1

CVE
added 2018/08/30 12:0 p.m. | 58 views

CVE-2018-11615

CVE-2018-11615 affects the mosca broker (npm mosca) 2.8.1. The vulnerability is rooted in topic processing: a crafted regular expression can trigger a denial-of-service condition, crashing the broker without requiring authentication. The primary exploit path is remote, leading to availability imp...

7.8 CVSS | 7.4 AI score | 0.03346 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Veracode
added 2018/08/30 6:8 a.m. | 28 views

Regular Expression Denial Of Service (ReDoS)

lodash is vulnerable to Regular Expression Denial of Service (ReDoS) attacks. The library uses a regular expression that does not properly handle processing a large amount of characters, allowing a malicious user to cause a ReDoS...

6.5 CVSS | 7.5 AI score | 0.03076 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2018/08/29 11:4 p.m. | 2 views

GHSA-F523-2F5J-GFCG Regular Expression Denial of Service in timespan

Affected versions of timespan are vulnerable to a regular expression denial of service when parsing dates. The amplification for this vulnerability is significant, with 50,000 characters resulting in the event loop being blocked for around 10 seconds. Recommendation: No direct patch is available f...

7.5 CVSS | 7 AI score | 0.01503 EPSS
Exploits: 0 | References: 4

Veracode
added 2018/08/28 6:44 a.m. | 13 views

Regular Expression Denial Of Service (ReDoS)

is-url is vulnerable to regular expression denial of service (ReDoS). An attacker is able to create a denial of service condition on the server via a specially crafted URL...

7.5 CVSS | 7.1 AI score | 0.00944 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

Veracode
added 2018/08/28 6:31 a.m. | 7 views

Regular Expression Denial Of Service (ReDoS)

ducktype is vulnerable to regular expression denial of service (ReDoS). An attacker will be able to create a denial of service condition on the server via a specially crafted URL...

6.5 AI score
Exploits: 0

UbuntuCve
added 2018/08/25 12:0 a.m. | 20 views

CVE-2018-15863

Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression...

5.5 CVSS | 6.7 AI score | 0.00535 EPSS
Exploits: 0 | References: 4

OSV
added 2018/08/25 12:0 a.m. | 1 views

UBUNTU-CVE-2018-15863

Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression...

5.5 CVSS | 6.7 AI score | 0.00535 EPSS
Exploits: 0 | References: 5

myhack58
added 2018/08/23 12:0 a.m. | 1941 views

Analysis of the arbitrary file upload vulnerability in two versions of the UEditor editor - vulnerability warning - the black bar safety net

0x01 Introduction: UEditor is an open source WYSIWYG rich text editor developed by Baidu's WEB front-end R&D department. It is lightweight and customizable, offers an excellent user experience, and is used by the majority of WEB applications; the high-risk vulnerabilities disclosed this time...

7.5 AI score
Exploits: 0

myhack58
added 2018/08/23 12:0 a.m. | 848 views

Apache Struts2 S2-057 vulnerability analysis and early warning - vulnerability warning - the black bar safety net

It is possible to perform a RCE attack when the namespace value isn't set for a result defined in underlying xml configurations and in the same time, its upper actions configurations have no or wildcard namespace. The Same possibility when using the url tag which doesn't have value and action set...

2.8 AI score | 0.99993 EPSS
Exploits: 41

RedHat Linux
added 2018/08/16 4:6 p.m. | 1 views

pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3)

The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression...

7.5 CVSS | 7.5 AI score | 0.04546 EPSS
Exploits: 0 | References: 4