9263 matches found
CVE-2015-3798
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted regular expression, a different vulnerability than CVE-2015-3796 and...
Memory corruption
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted regular expression, a different vulnerability than CVE-2015-3797 and...
Memory corruption
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted regular expression, a different vulnerability than CVE-2015-3796 and...
DEBIAN-CVE-2013-7422
Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service application crash via a long digit string associated with an invalid backreference within a regula...
CVE-2013-7422
Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service application crash via a long digit string associated with an invalid backreference within a regula...
CVE-2015-3796
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted regular expression, a different vulnerability than CVE-2015-3797 and...
CVE-2015-3798
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted regular expression, a different vulnerability than CVE-2015-3796 and...
CVE-2015-3797
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted regular expression, a different vulnerability than CVE-2015-3796 and...
CVE-2013-7422
Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service application crash via a long digit string associated with an invalid backreference within a regula...
[SECURITY] Fedora 22 Update: pcre-8.37-3.fc22
Perl-compatible regular expression library. PCRE has its own native API, but a set of "wrapper" functions that are base d on the POSIX API are also supplied in the library libpcreposix. Note that this just provides a POSIX calling interface to PCRE: the regular expressions themselves still follow...
Tomcat/JbossWeb: security manager bypass via EL expressions
It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections...
Tomcat/JbossWeb: security manager bypass via EL expressions
It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections...
Discuz! X-Series remote code execution vulnerability analysis-vulnerability warning-the black bar safety net
0x01 vulnerability root causes The root of the problem is that the api/uc. php file in the updatebadwords method, the code is as follows: function updatebadwords$get, $post global $G; if! APIUPDATEBADWORDS return APIRETURNFORBIDDEN; $data = array; ifisarray$post foreach$post as $k = $v...
FreeBSD : pcre -- heap overflow vulnerability in '(?|' situations (ff0acfb4-3efa-11e5-93ad-002590263bf5)
Venustech ADLAB reports : PCRE library is prone to a vulnerability which leads to Heap Overflow. During the compilation of a malformed regular expression, more data is written on the malloced block than the expected size output by compileregex. Exploits with advanced Heap Fengshui techniques may...
pcre -- heap overflow vulnerability in '(?|' situations
Venustech ADLAB reports: PCRE library is prone to a vulnerability which leads to Heap Overflow. During the compilation of a malformed regular expression, more data is written on the malloced block than the expected size output by compileregex. Exploits with advanced Heap Fengshui techniques may...
Scientific Linux Security Update : grep on SL6.x i386/x86_64 (20150722)
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way grep parsed large lines of data. An attacker able to trick a user into running grep on a specially crafted data file could use this flaw to crash grep or, potentially, execute arbitrary code with the privilege...
[USN-2694-1] PCRE vulnerabilities
========================================================================== Ubuntu Security Notice USN-2694-1 July 29, 2015 pcre3 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
MGASA-2015-0293 Updated python-django and python-django14 packages fix security vulnerabilities
Eric Peterson and Lin Hua Cheng discovered that a new empty record used to be created in the session storage every time a session was accessed and an unknown session key was provided in the request cookie. This could allow remote attackers to saturate the session store or cause other users' sessi...
Apache Tomcat 6.0.x < 6.0.44 Multiple Vulnerabilities (FREAK)
Binary data 8830.pasl...
CVE-2015-5605
The regular-expression implementation in Google V8, as used in Google Chrome before 44.0.2403.89, mishandles interrupts, which allows remote attackers to cause a denial of service application crash via crafted JavaScript code, as demonstrated by an error in garbage collection during allocation of...