9267 matches found
CVE-2017-12837
Heap-based buffer overflow in the Sregatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service out-of-bounds write via a regular expression with a '\N' escape and the case-insensitive modifier...
CVE-2017-12837
Heap-based buffer overflow in the Sregatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service out-of-bounds write via a regular expression with a '\N' escape and the case-insensitive modifier...
CVE-2017-12883
Buffer overflow in the SgrokbslashN function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service application crash via a crafted regular expression with an invalid '\NU+...' escape...
ALPINE-CVE-2017-12837
Heap-based buffer overflow in the Sregatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service out-of-bounds write via a regular expression with a '\N' escape and the case-insensitive modifier...
CVE-2017-12837
Heap-based buffer overflow in the Sregatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service out-of-bounds write via a regular expression with a '\N' escape and the case-insensitive modifier...
CVE-2017-12883
Perl 5 vulnerable to CVE-2017-12883: a buffer overflow in S_grok_bslash_N in regcomp.c allows an attacker to disclose memory or cause a denial of service via a crafted regular expression containing an invalid '\N{U+...}' escape. Affected versions are Perl before 5.24.3-RC1 and 5.26.x before 5.26....
CVE-2017-12883
None...
CVE-2017-12837
Heap-based buffer overflow in the Sregatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service out-of-bounds write via a regular expression with a '\N' escape and the case-insensitive modifier...
CVE-2017-12883
Buffer overflow in the SgrokbslashN function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service application crash via a crafted regular expression with an invalid '\NU+...' escape...
CVE-2017-12837
Heap-based buffer overflow in the Sregatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service out-of-bounds write via a regular expression with a '\N' escape and the case-insensitive modifier...
UBUNTU-CVE-2017-12883
Buffer overflow in the SgrokbslashN function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service application crash via a crafted regular expression with an invalid '\NU+...' escape...
Regular Expression Denial Of Service (ReDoS)
debug is vulnerable to Regular Expression Denial Of Service ReDoS. The regular expression is used to map %o to util.inspect can take awhile for long strings, hanging an application...
HPE Intelligent Management Center userSelectPagingContent Expression Language Injection (CVE-2017-12521)
An Expression Language injection vulnerability exists in HPE Intelligent Management Center. The vulnerability is due to a lack of validation on a request parameter on requests sent to the server. A remote attacker can exploit this vulnerability by sending a crafted request to the target server...
CVE-2017-12883
A heap buffer overread was found in perl's grokbslashN function, which is used in the compilation of Unicode nodes in regular expressions, possibly leading to crash or dump of memory segments via the error output. An attacker, able to provide a specially crafted regular expression, could look for...
Data Binding Expression Vulnerability in Spring Web Flow
This CVE addresses a second path to exploiting the same vulnerability as the one described under CVE-2017-4971 . Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default i.e. set to “false” can be vulnerable to malicious EL...
IBM API Connect Denial of Service Vulnerability
IBM API Connect aka APIConnect is an integrated solution for managing the API lifecycle from IBM USA. The solution supports creating, running, managing, and securing APIs, microservices, and more. IBM API Connect has a security vulnerability. An attacker can exploit the vulnerability with the hel...
Code injection
IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. IBM X-Force ID: 131546...
CVE-2017-1556
IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. IBM X-Force ID: 131546...
CVE-2017-1556
IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. IBM X-Force ID: 131546...
Regular Expression Denial of Service
Overview Affected versions of content are vulnerable to a regular expression denial of service when parsing malicious Content-Type and Content-Disposition headers. Recommendation Update to version 3.0.6 or later. References GitHub Advisory...