9265 matches found
CVE-2017-9226
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and...
CVE-2017-9228
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect...
Regular Expression Denial Of Service (ReDoS)
amqp-match is vulnerable to regular expression denial of service (ReDoS) attacks. These attacks can be triggered when the .match function is used to identify routing tokens in a long string...
[SECURITY] Fedora 24 Update: pcre-8.40-7.fc24
PCRE, Perl-compatible regular expression, library has its own native API, but a set of wrapper functions that are based on the POSIX API are also supplied in the libpcreposix library. Note that this just provides a POSIX calling interface to PCRE: the regular expressions themselves still follow...
PCRE2 Buffer Overflow Vulnerability (CNVD-2017-06216)
PCRE2 is an API for modifying PCRE Open Source Regular Expression Library developed by software developer Philip Hazel. A heap buffer overflow vulnerability exists in the pcre2test.c file in PCRE2 version 10.23. A remote attacker could exploit this vulnerability to cause a denial of service with...
Paragon Initiative Enterprises: Improper validation of Email
1. Go to https://bridge.cspr.ng/my/account. Here no rate limit is present for email and display name, real name. I just entered a 1000-character-length email in the email field and it was accepted; also for the display name, real name. Another: there is no regular expression to check valid email. If you give email as...
Heap overflow
pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression...
CVE-2017-8786
pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression...
Huawei Load Balancer Management System suffers from s2-045 remote command execution vulnerability
Load Balancer Management System is a load balancer management system. The Huawei Load Balancer Management System suffers from a s2-045 remote command execution vulnerability. The vulnerability can be exploited to execute arbitrary commands by constructing a Content-Type function in the header, as...
PCRE2 Buffer Overflow Vulnerability (CNVD-2017-07003)
PCRE2 is an API for modifying PCRE Open Source Regular Expression Library developed by software developer Philip Hazel. A buffer overflow vulnerability exists in the pcre2match.c file in versions of PCRE2 prior to 2017-03-10. An attacker can exploit this vulnerability to cause a denial of service...
EulerOS 2.0 SP1 : tomcat (EulerOS-SA-2016-1049)
According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly conside...
[SECURITY] Fedora 25 Update: yara-3.5.0-7.fc25
YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a. rule, consists of a set of strin...
[SECURITY] Fedora 24 Update: yara-3.5.0-7.fc24
YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a. rule, consists of a set of strin...
[SECURITY] Fedora 24 Update: pcre2-10.21-18.fc24
PCRE2 is a re-working of the original PCRE Perl-compatible regular expression library to provide an entirely new API. PCRE2 is written in C, and it has its own API. There are three sets of functions, one for the 8-bit library, which processes strings of bytes, one for the 16-bit library, which...
Evolving Analytics for Execution Trace Data
Five years ago, Mandiant released a proof of concept tool named ShimCacheParser, along with a blog post titled “Leveraging the Application Compatibility Cache in Forensic Investigations”. Since then, ShimCache metadata has become increasingly popular as a source of forensic evidence, both for...
Design/Logic Flaw
The backtrack compilation code in the Irregex package (aka IrRegular Expressions) before 0.9.6 for Scheme allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression with a repeating pattern...
CVE-2016-9954
The backtrack compilation code in the Irregex package (aka IrRegular Expressions) before 0.9.6 for Scheme allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression with a repeating pattern...