[SECURITY] Fedora 22 Update: pcre-8.38-1.fc22

Perl-compatible regular expression library. PCRE has its own native API, but a set of "wrapper" functions that are base d on the POSIX API are also supplied in the library libpcreposix. Note that this just provides a POSIX calling interface to PCRE: the regular expressions themselves still follow...

CVE-2016-1283

The pcrecompile2 function in pcrecompile.c in PCRE 8.38 mishandles the /?:F?+?:^?Ra+"99-?J?'R'?'R'?'RR'?'R'\97?J?J?'R'?'R'\99|:?|?'R'\k'R'|?'R'H'R'RH'R/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service heap-based buffer overflow or...

DEBIAN-CVE-2016-1283

The pcrecompile2 function in pcrecompile.c in PCRE 8.38 mishandles the /?:F?+?:^?Ra+"99-?J?'R'?'R'?'RR'?'R'\97?J?J?'R'?'R'\99|:?|?'R'\k'R'|?'R'H'R'RH'R/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service heap-based buffer overflow or...

CVE-2016-1283

The pcrecompile2 function in pcrecompile.c in PCRE 8.38 mishandles the /?:F?+?:^?Ra+"99-?J?'R'?'R'?'RR'?'R'\97?J?J?'R'?'R'\99|:?|?'R'\k'R'|?'R'H'R'RH'R/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service heap-based buffer overflow or...

Heap overflow

The pcrecompile2 function in pcrecompile.c in PCRE 8.38 mishandles the /?:F?+?:^?Ra+"99-?J?'R'?'R'?'RR'?'R'\97?J?J?'R'?'R'\99|:?|?'R'\k'R'|?'R'H'R'RH'R/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service heap-based buffer overflow or...

CVE-2016-1283

The pcrecompile2 function in pcrecompile.c in PCRE 8.38 mishandles the /?:F?+?:^?Ra+"99-?J?'R'?'R'?'RR'?'R'\97?J?J?'R'?'R'\99|:?|?'R'\k'R'|?'R'H'R'RH'R/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service heap-based buffer overflow or...

CVE-2016-1283

The pcrecompile2 function in pcrecompile.c in PCRE 8.38 mishandles the /?:F?+?:^?Ra+"99-?J?'R'?'R'?'RR'?'R'\97?J?J?'R'?'R'\99|:?|?'R'\k'R'|?'R'H'R'RH'R/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service heap-based buffer overflow or...

CVE-2016-1283

The pcrecompile2 function in pcrecompile.c in PCRE 8.38 mishandles the /?:F?+?:^?Ra+"99-?J?'R'?'R'?'RR'?'R'\97?J?J?'R'?'R'\99|:?|?'R'\k'R'|?'R'H'R'RH'R/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service heap-based buffer overflow or...

VMware ESXi Multiple DoS (VMSA-2014-0008)

The remote ESXi host is affected by multiple denial of service vulnerabilities in the glibc library : - A buffer overflow condition exists in the extendbuffers function in file posix/regexec.c due to improper validation of user-supplied input when handling multibyte characters in a regular...

Scientific Linux Security Update : file on SL7.x x86_64 (20151119)

Multiple denial of service flaws were found in the way file parsed certain Composite Document Format CDF files. A remote attacker could use either of these flaws to crash file, or an application using file, via a specially crafted CDF file. CVE-2014-0207, CVE-2014-0237, CVE-2014-0238,...

DSA-3428-1 tomcat8 - security update

Bulletin has no description...

OpenMRS 2.3 (1.11.4) - Expression Language Injection

OpenMRS 2.3 1.11.4 - Expression Language Injection OpenMRS 2.3 1.11.4 Expression Language Injection Vulnerability Vendor: OpenMRS Inc. Product web page: http://www.openmrs.org Affected version: OpenMRS 2.3, 2.2, 2.1, 2.0 Platform 1.11.4 Build 6ebcaf, 1.11.2 and 1.10.0 OpenMRS-TB System OpenMRS...

OpenMRS 2.3 (1.11.4) - Expression Language Injection Vulnerability

Exploit for php platform in category web applications OpenMRS 2.3 1.11.4 Expression Language Injection Vulnerability Vendor: OpenMRS Inc. Product web page: http://www.openmrs.org Affected version: OpenMRS 2.3, 2.2, 2.1, 2.0 Platform 1.11.4 Build 6ebcaf, 1.11.2 and 1.10.0 OpenMRS-TB System OpenMRS...

OpenMRS 2.3 (1.11.4) - Expression Language Injection

OpenMRS 2.3 1.11.4 Expression Language Injection Vulnerability Vendor: OpenMRS Inc. Product web page: http://www.openmrs.org Affected version: OpenMRS 2.3, 2.2, 2.1, 2.0 Platform 1.11.4 Build 6ebcaf, 1.11.2 and 1.10.0 OpenMRS-TB System OpenMRS 1.9.7 Build 60bd9b Summary: OpenMRS is an application...

Camel: XXE via XPath expression evaluation

It was found that Apache Camel performed XML External Entity XXE expansion when evaluating invalid XML Strings or invalid XML GenericFile objects. A remote attacker able to submit a crafted XML message could use this flaw to read files accessible to the user running the application server, and...

OpenMRS 2.3 (1.11.4) Expression Language Injection Vulnerability

Summary OpenMRS is an application which enables design of a customized medical records system with no programming knowledge although medical and systems analysis knowledge is required. It is a common framework upon which medical informatics efforts in developing countries can be built. Descriptio...

CVE-2015-8395

PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and...

CVE-2015-8394

PCRE before 8.38 mishandles the ? and ?R conditions, which allows remote attackers to cause a denial of service integer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror...

CVE-2015-8392

PCRE before 8.38 mishandles certain instances of the ?| substring, which allows remote attackers to cause a denial of service unintended recursion and buffer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object...

CVE-2015-8391

The pcrecompile function in pcrecompile.c in PCRE before 8.38 mishandles certain : nesting, which allows remote attackers to cause a denial of service CPU consumption or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object...