GLSA-200803-20 : International Components for Unicode: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200803-20 International Components for Unicode: Multiple vulnerabilities Will Drewry Google Security reported a vulnerability in the regular expression engine when using back references to capture \0 characters CVE-2007-4770. He...

International Components for Unicode: Multiple vulnerabilities

Background International Components for Unicode is a set of C/C++ and Java libraries providing Unicode and Globalization support for software applications. Description Will Drewry Google Security reported a vulnerability in the regular expression engine when using back references to capture \0...

[SECURITY] Fedora 7 Update: pcre-7.3-3.fc7

Perl-compatible regular expression library. PCRE has its own native API, but a set of "wrapper" functions that are base d on the POSIX API are also supplied in the library libpcreposix. Note that this just provides a POSIX calling interface to PCRE: the regular expressions themselves still follow...

CentOS 3 : tcltk (CESA-2008:0134)

Updated tcltk packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tcl is a scripting language designed for embedding into other applications and for use...

RHEL 2.1 / 3 : tcltk (RHSA-2008:0134)

Updated tcltk packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tcl is a scripting language designed for embedding into other applications and for use...

Sql injection

SQL injection vulnerability in port/modifyportform.php in Open Source Security Information Management OSSIM 0.9.9 rc5 allows remote authenticated users to execute arbitrary SQL commands via the portname parameter, which is not properly handled by a validation regular expression...

Moderate: Red Hat Security Advisory: tcltk security update

Updated tcltk packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tcl is a scripting language designed for embedding into other applications and for use...

USN-581-1: PCRE vulnerability

It was discovered that PCRE did not correctly handle very long strings containing UTF8 sequences. In certain situations, an attacker could exploit applications linked against PCRE by tricking a user or automated system in processing a malicious regular expression leading to a denial of service or...

CVE-2008-0674

Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255...

Buffer overflow

Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255...

DEBIAN-CVE-2008-0674

Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255...

CVE-2008-0674

CVE-2008-0674 is a buffer overflow in the PCRE library prior to 7.6 that permits remote attackers to execute arbitrary code via a regular expression containing a character class with many Unicode code points above 255. The CVE is listed across multiple vulnerability feeds (e.g., OpenVAS/Nessus en...

openSUSE 10 Security Update : postgresql (postgresql-4958)

This version update to 8.1.11 fixes among other things several security issues : - Index Functions Privilege Escalation: CVE-2007-6600 - Regular Expression Denial-of-Service: CVE-2007-4772, CVE-2007-6067, CVE-2007-4769 - DBLink Privilege Escalation: CVE-2007-6601 %NASLMINLEVEL 70300 C Tenable...

Moderate: Red Hat Security Advisory: postgresql security update

Updated postgresql packages that fix several security issues are now available for Red Hat Application Stack v1 and v2. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system DBMS...

Debian Security Advisory DSA 1460-1 (postgresql-8.1)

The remote host is missing an update to postgresql-8.1 announced via advisory DSA 1460-1. OpenVAS Vulnerability Test $Id: deb14601.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1460-1 postgresql-8.1 Authors: Thomas Reinke Copyright: Copyright c 2008 E-Sof...

Debian Security Advisory DSA 1463-1 (postgresql-7.4)

The remote host is missing an update to postgresql-7.4 announced via advisory DSA 1463-1. OpenVAS Vulnerability Test $Id: deb14631.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1463-1 postgresql-7.4 Authors: Thomas Reinke Copyright: Copyright c 2008 E-Sof...

CVE-2007-4771

Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode ICU 3.8.1 and earlier allows context-dependent attackers to cause a denial of service memory consumption and possibly have unspecified other impact via a regular expression that...

Design/Logic Flaw

regex/v4/perlmatchernonrecursive.hpp in the Boost regex library aka Boost.Regex in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service failed assertion and crash via an invalid regular expression...

CVE-2008-0171

regex/v4/perlmatchernonrecursive.hpp in the Boost regex library aka Boost.Regex in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service failed assertion and crash via an invalid regular expression...

Design/Logic Flaw

The getrepeattype function in basicregexcreator.hpp in the Boost regex library aka Boost.Regex in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service NULL dereference and crash via an invalid regular expression...