9265 matches found

Veracode
added 2017/04/17 3:10 a.m., 11 views

Regular Expression Denial Of Service (ReDoS)

useragent is vulnerable to denial of service (DoS) attacks. These attacks are possible through the regular expression used to parse the useragent headers. If an attacker edits their own headers to create an extremely long useragent string, it will cause an event loop which blocks the server...

CVSS 7.5 | AI score 7.2 | EPSS 0.01162
Exploits: 1 | References: 2 | Affected Software: 1

Veracode
added 2017/04/17 2:34 a.m., 14 views

Regular Expression Denial Of Service (ReDoS)

decamelize is vulnerable to denial of service (DoS) attacks. These attacks are possible through the regular expression used to identify camel case names. If an attacker uses the | character, they are able to add to the regular expression and consume the CPU...

CVSS 7.5 | AI score 7.2 | EPSS 0.01455
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2017/04/17 2:11 a.m., 12 views

Regular Expression Denial Of Service (ReDoS)

uri-js is vulnerable to denial of service (DoS) attacks. These attacks are possible through the regular expression that validates whether a URL is valid. There is a flaw in the regular expression which causes the program to hang and the application to consume 100% of the CPU. This is only possible if...

CVSS 6.8 | AI score 6 | EPSS 0.01342
Exploits: 1 | References: 4 | Affected Software: 1

Hacker One
added 2017/04/15 6:47 p.m., 11 views

LibSass: stack overflow #3 in libsass

./sassc test387 /dev/null triggers this stack overflow. ==9081==ERROR: AddressSanitizer: stack-overflow on address 0x7fffb48eadc0 pc 0x00000087a07b bp 0x7fffb48eba30 sp 0x7fffb48ead60 T0 0 0x87a07a in Sass::Parser::parsefactor /home/geeknik/libsass/src/parser.cpp:1379 1 0x878304 in...

AI score 6.9
Exploits: 0

BDU FSTEC
added 2017/04/06 12:0 a.m., 4 views

Microsoft Edge browser vulnerability, which allows attackers to obtain confidential information or carry out XSS attacks

The vulnerability of the RegEx script class XXS in the Microsoft Edge browser exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform XSS attacks or obtain confidential information using undefined vectors...

CVSS 4.3 | AI score 6.2 | EPSS 0.41952
Exploits: 0 | References: 3

Debian CVE
added 2017/04/05 8:0 p.m., 20 views

CVE-2017-7443

apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0ad regular expression...

CVSS 6.1 | AI score 6 | EPSS 0.00714
Exploits: 0

UbuntuCve
added 2017/04/03 5:59 a.m., 26 views

CVE-2017-6181

The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted regular expression...

CVSS 7.5 | AI score 7.1 | EPSS 0.03647
Exploits: 0 | References: 3

Prion
added 2017/04/03 5:59 a.m., 18 views

Design/Logic Flaw

The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted regular expression...

CVSS 5 | AI score 7.2 | EPSS 0.03647
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2017/04/03 5:59 a.m., 29 views

CVE-2017-6181

The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted regular expression...

CVSS 7.5 | AI score 7.2 | EPSS 0.03647
Exploits: 0 | References: 3

Cvelist
added 2017/04/03 5:44 a.m., 34 views

CVE-2017-6181

The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted regular expression...

AI score 7.2 | EPSS 0.03647
Exploits: 0 | References: 3

CVE
added 2017/04/03 5:44 a.m., 49 views

CVE-2017-6181

The CVE-2017-6181 entry corresponds to an unbounded recursion flaw in the Onigmo (Oniguruma-mod) regular expression library’s parse_char_class function (regparse.c) used by Ruby 2.4.0. A crafted regular expression can cause a remote attacker to trigger deep recursion and a potential application c...

CVSS 7.5 | AI score 7.1 | EPSS 0.03647
Exploits: 0 | References: 3 | Affected Software: 1

CNVD
added 2017/03/31 12:0 a.m., 3 views

S2-045 Remote Command Execution Vulnerability in Bunker Fortress of Beijing Weifangtong Information Technology Co.

Beijing Weifangtong Information Technology Co., Ltd. bunker fortress is to provide the remote operation and maintenance management needs of the centralized identity authentication, centralized access authorization, centralized access management, centralized operation audit, as well as simplify th...

AI score 8.1
Exploits: 0

CNVD
added 2017/03/28 12:0 a.m., 2 views

Artifex Software MuJS Denial of Service Vulnerability (CNVD-2017-05277)

Artifex Software MuJS is a lightweight JavaScript interpreter from Artifex Software, USA, which is used to embed into other software to provide script execution capabilities. A denial of service vulnerability exists in the regexp.c file in Artifex Software MuJS. An attacker can exploit this...

CVSS 7.5 | AI score 7.6 | EPSS 0.02158
Exploits: 0 | References: 1

Veracode
added 2017/03/27 1:7 a.m., 7 views

Denial Of Service (DoS)

gollum is vulnerable to denial of service (DoS) attacks. These attacks are possible as it uses the path of a file as a direct source in a regular expression. By setting the name of a directory to a regular expression, an attacker can increase the time it takes to complete the regular expression...

AI score 6.3
Exploits: 0

OSV
added 2017/03/24 3:59 p.m., 2 views

CVE-2016-10132

regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation...

CVSS 7.5 | AI score 5.8 | EPSS 0.02158
Exploits: 0 | References: 5

NVD
added 2017/03/24 3:59 p.m., 17 views

CVE-2016-10132

regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation...

CVSS 7.5 | AI score 7.6 | EPSS 0.02158
Exploits: 0 | References: 5

Prion
added 2017/03/24 3:59 p.m., 22 views

Null pointer dereference

regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation...

CVSS 5 | AI score 6.8 | EPSS 0.02158
Exploits: 0 | References: 5 | Affected Software: 1

Debian CVE
added 2017/03/24 3:0 p.m., 23 views

CVE-2016-10132

regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation...

CVSS 7.5 | AI score 8.2 | EPSS 0.02158
Exploits: 0

CNVD
added 2017/03/22 12:0 a.m., 1 views

Expression injection vulnerability in e-mobile platform login.do page of Shanghai Panmicro Network Technology Co.

e-mobile is Panavision's mobile office product for cell phones, tablets and other mobile terminals. An expression injection vulnerability exists in the login.do page of the e-mobile platform of Shanghai Panmicro Network Technology Co. The vulnerability allows an attacker to remotely execute...

AI score 7.9
Exploits: 0

Node.js
added 2017/03/20 11:48 p.m., 7351 views

Cross-Site Scripting

Overview: Affected versions of jquery are vulnerable to cross-site scripting. This occurs because the main jquery function uses a regular expression to differentiate between HTML and selectors, but does not properly anchor the regular expression. The result is that jquery may interpret HTML as...

AI score 6.2
Exploits: 5 | Affected Software: 1