9263 matches found
CVE-2015-0217
filter/mediaplugin/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to cause a denial of service CPU consumption or partial outage via a crafted string that is matched against an improper regular expression...
CVE-2015-0217
filter/mediaplugin/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to cause a denial of service CPU consumption or partial outage via a crafted string that is matched against an improper regular expression...
UBUNTU-CVE-2015-0217
filter/mediaplugin/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to cause a denial of service CPU consumption or partial outage via a crafted string that is matched against an improper regular expression...
Input validation
filter/mediaplugin/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to cause a denial of service CPU consumption or partial outage via a crafted string that is matched against an improper regular expression...
Input validation
filter/urltolink/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to cause a denial of service CPU consumption or partial outage via a crafted string that is matched against an improper regular expression...
UBUNTU-CVE-2015-2268
filter/urltolink/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to cause a denial of service CPU consumption or partial outage via a crafted string that is matched against an improper regular expression...
CVE-2015-0217
filter/mediaplugin/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to cause a denial of service CPU consumption or partial outage via a crafted string that is matched against an improper regular expression...
CVE-2015-3210
Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^?P=B?P=B?J:?Pc?Pa?P=BWGXCREDITS/, a different vulnerability than CVE-2015-8384...
pcre -- multiple vulnerabilities
Venustech ADLAB reports: PCRE library is prone to a vulnerability which leads to Heap Overflow. During the compilation of a malformed regular expression, more data is written on the malloced block than the expected size output by compileregex. PCRE library is prone to a vulnerability which leads ...
Security Researchers Publish Comments on Wassenaar Rules
With the two-month comment period for the proposed U.S. Wassenaar Arrangement rules barely under way, a cast of influential security researchers has wasted no time preparing and submitting their thoughts on the controversial proposal. Researchers who seek out vulnerabilities in software—developin...
Apache Tomcat 7.0.0 < 7.0.59
The version of Tomcat installed on the remote host is prior to 7.0.59. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat7.0.59security-7 advisory. - The Expression Language EL implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before...
SUSE SLED12 / SLES12 Security Update : icu (SUSE-SU-2015:0458-1)
icu was updated to fix one security issue. This security issue was fixed : - CVE-2014-9654: Insufficient size limit checks in regular expression compiler bnc917129. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable h...
Debian DLA-219-1 : icu security update
Several vulnerabilities were discovered in the International Components for Unicode ICU library : CVE-2013-1569 Glyph table issue. CVE-2013-2383 Glyph table issue. CVE-2013-2384 Font layout issue. CVE-2013-2419 Font processing issue. CVE-2014-6585 Out-of-bounds read. CVE-2014-6591 Additional...
Medium: php
Issue Overview: Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library aka rxspencer alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression...
DLA-219-1 icu - security update
Bulletin has no description...
Microsoft Windows VBScript Regular Expression Information Disclosure Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how VBScript...
Fixed in Apache Tomcat 6.0.44
Low: Denial of Service CVE-2014-0230 When a response for a request with a request body is returned to the user agent before the request body is fully read, by default Tomcat swallows the remaining request body so that the next request on the connection may be processed. There was no limit to the...
tomcat -- multiple vulnerabilities
Apache Software Foundation reports: Low: Denial of Service CVE-2014-0230 When a response for a request with a request body is returned to the user agent before the request body is fully read, by default Tomcat swallows the remaining request body so that the next request on the connection may be...
MongoDB repair a can be remotely exploitable DoS(denial of service)vulnerability-vulnerability warning-the black bar safety net
! The popular NoSQL database MongoDB recently repaired a serious and can be remotely exploitable denial-of-service(DoS)vulnerabilities. The vulnerability by FortiGuard Labs researchers in the 2 on 2 0 and 2 3, find the MongoDB official have to 3 on 1 7, release patch. Vulnerability can be caused ...
JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions
It was found that Mojarra JavaServer Faces did not properly escape user-supplied content in certain circumstances. Contents of outputText tags and raw EL expressions that immediately follow script or style elements were not escaped. A remote attacker could use a specially crafted URL to execute...