9262 matches found
Drools: Remote Java Code Execution in MVEL
JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a 1 MVFLEX Expression Language MVEL or 2 Drools expression...
Drools: Remote Java Code Execution in MVEL
JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a 1 MVFLEX Expression Language MVEL or 2 Drools expression...
MGASA-2014-0142 Updated file packages fix security vulnerabilities
The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service CPU consumption via a crafted ASCII file that triggers a large amount of...
Updated file packages fix security vulnerabilities
The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service CPU consumption via a crafted ASCII file that triggers a large amount of...
Kaspersky Internet Security常规表达式模式处理拒绝服务漏洞
Kaspersky Internet Security是卡巴斯基互联网安全套装。 Kaspersky Internet Security 14.0.0.4651及其他版本处理常规表达式模式时出现错误,可被恶意利用耗尽CPU资源,导致拒绝服务。 0 Kaspersky Labs Kaspersky Internet Security 14.0.0.4651 目前厂商还没有提供补丁或者升级程序: http://www.kaspersky.com/...
Design/Logic Flaw
The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service CPU consumption via a crafted ASCII file that triggers a large amount of...
Amazon Linux AMI : ruby19 (ALAS-2014-290)
Algorithmic complexity vulnerability in Gem::Version::ANCHOREDVERSIONPATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service CP...
Medium: ruby19
Issue Overview: Algorithmic complexity vulnerability in Gem::Version::ANCHOREDVERSIONPATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a deni...
rubygems: version regex algorithmic complexity vulnerability
A denial of service vulnerability exists in the RubyGems versions 2.0.7 or older, such that when RubyGems validates versioning it performs a wrong regular expression causing resource consumption due to algorithmic complexity...
Camel: remote code execution via header field manipulation
Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple" in a CamelFileName message header to a 1 FILE or 2 FTP producer...
CVE-2013-7177
config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...
CVE-2013-7176
config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...
CVE-2013-7176
config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...
Design/Logic Flaw
config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...
Design/Logic Flaw
config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...
CVE-2013-7177
config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...
CVE-2013-7176
config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...
CVE-2013-7177
config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...
CVE-2013-7177
Summary of CVE-2013-7177 : Fail2ban (vulnerable up to 0.8.10) contains a faulty cyrus-imap failregex in its config filter (config/filter.d/cyrus-imap.conf). The improper design allows remote attackers to trigger the banning of an arbitrary IP via a crafted email address, due to regex weaknesses i...
CVE-2013-7177
config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...