Code injection

index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service ReDoS attacks, as demonstrated by an expand argument containing many comma characters...

DEBIAN-CVE-2017-18077

index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service ReDoS attacks, as demonstrated by an expand argument containing many comma characters...

CVE-2017-18077

index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service ReDoS attacks, as demonstrated by an expand argument containing many comma characters...

CVE-2017-18077

index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service ReDoS attacks, as demonstrated by an expand argument containing many comma characters...

CVE-2017-8786

pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via a crafted regular expression...

Keybase: Keybase extension hostname-validation regular expression issue.

Description The following snippet in js/identities.js allows all hostnames ending in twitter.com, facebook.com, etc. to display the Keybase message window. The issue stems from the fact that you use . instead of \. in your regular expression. js service: "twitter", getUsername: functionloc return...

GHSA-CRMX-V835-HCP4 Moderate severity vulnerability that affects marked

Withdrawn This advisory has been withdrawn, per NVD: "This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue." Original Description A Regular expression Denial of Service ReDoS vulnerability in the file marked.js of the marked npm package tested on...

Remote Code Execution (RCE)

primefaces is vulnerable to remote code execution RCE. It uses weak encryption on the PrimeSecret and PrimeOracle which allows expression language injection and remote code execution...

Updated perl packages fix security vulnerability

John Lightsey and Todd Rinaldo reported that the opportunistic loading of optional modules can make many programs unintentionally load code from the current working directory which might be changed to another directory without the user realising and potentially leading to privilege escalation...

Updated perl packages fix security vulnerability

Jakub Wilk reported a heap buffer overflow flaw in the regular expression compiler, allowing a remote attacker to cause a denial of service via a specially crafted regular expression with the case-insensitive modifier CVE-2017-12837. Jakub Wilk reported a buffer over-read flaw in the regular...

Enigmail Denial of Service Vulnerability

Enigmail is a data encryption and decryption extension for Mozilla Thunderbird and SeaMonkey web packages that provides OpenPGP's email public key encryption and signing capabilities. A denial of service vulnerability exists in versions of Enigmail prior to 1.9.9. The vulnerability arises because...

CVE-2017-15313

Huawei SmartCare V200R003C10 has a CSV injection vulnerability. An remote authenticated attacker could inject malicious CSV expression to the affected device...

Input validation

Huawei SmartCare V200R003C10 has a CSV injection vulnerability. An remote authenticated attacker could inject malicious CSV expression to the affected device...

CVE-2017-15313

Huawei SmartCare V200R003C10 has a CSV injection vulnerability. An remote authenticated attacker could inject malicious CSV expression to the affected device...

Regular Expression Denial Of Service (ReDoS)

ecstatic is vulnerable to regular expression denial of service DoS attacks. An attacker can use a string which contains a large number of null bytes in it to overload a server and cause a denial of service condition...

Design/Logic Flaw

A regular expression Denial of Service DoS vulnerability in the file lib/ecstatic.js of the ecstatic npm package, before version 2.0.0, allows a remote attacker to overload and crash a server by passing a maliciously crafted string...

CVE-2016-10703

A regular expression Denial of Service DoS vulnerability in the file lib/ecstatic.js of the ecstatic npm package, before version 2.0.0, allows a remote attacker to overload and crash a server by passing a maliciously crafted string...

CVE-2016-10703

CVE-2016-10703 affects the npm package ecstatic, specifically the file lib/ecstatic.js, with vulnerable versions prior to 2.0.0. The flaw is a regular expression DoS that lets a remote attacker pass a crafted string to overload and crash the server. Impact is a denial of service affecting the ecs...

ua-parser-js npm module ReDoS

This module exploits a Regular Expression Denial of Service vulnerability in the npm module "ua-parser-js". Server-side applications that use "ua-parser-js" for parsing the browser user-agent string will be vulnerable if they call the "getOS" or "getResult" functions. This vulnerability was fixed...

Atlassian Jira, Python and automated labeling

I have already wrote about Atlassian Jira automation in "Automated task processing with JIRA API". But all examples there were with using of curl. So, I decided to make one more post about Jira API. This time with python examples and about labeling issues nice wordplay, right? . You can use label...