20 matches found
EUVD-2021-0655
Malware in sbrugna...
CVE-2021-1625
A vulnerability in the Zone-Based Policy Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent the Zone-Based Policy Firewall from correctly classifying traffic. This vulnerability exists because ICMP and UDP responder-to-initiator flows are not...
Regular Expression Denial Of Service (ReDoS)
color-string is vulnerable to regular expression denial of service. An attacker parsing a maliciously crafted string that consists of more than 5000 characters into the hwb or hsl function will cause the system to crash...
Regular Expression Denial of Service
Overview: three before version 0.125.0 is vulnerable to Regular Expression Denial of Service (ReDoS). This can happen when handling rgb or hsl colors. POC var three = require'three' function buildblank n var ret = "rgb" for var i = 0; i n; i++ ret += " " return ret + ""; var Color = three.Color var...
Denial of service in three
This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: js var three = require'three' function buildblankn var ret = "rgb" for var i = 0; i n; i++ ret += " " return ret + ""; var Color = three.Color var time = Date.now; new Colorbuildblank50000 var...
GHSA-FQ6P-X6J3-CMMQ Denial of service in three
This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: js var three = require'three' function buildblankn var ret = "rgb" for var i = 0; i n; i++ ret += " " return ret + ""; var Color = three.Color var time = Date.now; new Colorbuildblank50000 var...
CVE-2020-28496
This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require'three' function buildblank n var ret = "rgb" for var i = 0; i n; i++ ret += " " return ret + ""; var Color = three.Color var time = Date.now; new Colorbuildblank50000 var...
CVE-2020-28496
This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require'three' function buildblank n var ret = "rgb" for var i = 0; i n; i++ ret += " " return ret + ""; var Color = three.Color var time = Date.now; new Colorbuildblank50000 var...
CVE-2020-28496
This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require'three' function buildblank n var ret = "rgb" for var i = 0; i n; i++ ret += " " return ret + ""; var Color = three.Color var time = Date.now; new Colorbuildblank50000 var...
Design/Logic Flaw
This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require'three' function buildblank n var ret = "rgb" for var i = 0; i n; i++ ret += " " return ret + ""; var Color = three.Color var time = Date.now; new Colorbuildblank50000 var...
UBUNTU-CVE-2020-28496
This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require'three' function buildblank n var ret = "rgb" for var i = 0; i n; i++ ret += " " return ret + ""; var Color = three.Color var time = Date.now; new Colorbuildblank50000 var...
CVE-2020-28496
CVE-2020-28496 affects the three.js library (Color) before version 0.125.0. The root cause is a Regular Expression Denial of Service (ReDoS) triggered when handling rgb/hsl color strings, demonstrated by a PoC that builds an abnormally long rgb(…) string. Documented impact includes potential perf...
CVE-2020-28496
This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require'three' function buildblank n var ret = "rgb" for var i = 0; i n; i++ ret += " " return ret + ""; var Color = three.Color var time = Date.now; new Colorbuildblank50000 var...
Regular Expression Denial of Service (ReDoS)
Overview: three is a JavaScript 3D library. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). This can happen when handling rgb or hsl colors. PoC: var three = require'three' function buildblank n var ret = "rgb" for var i = 0; i n; i++ ret += " " retur...
Denial of Service Vulnerability in Multiple ImageMagick Functions
ImageMagick is a set of open-source image processing software from the U.S. company ImageMagick Studio. The software can read, convert and write pictures in a variety of formats. A security vulnerability exists in several functions in ImageMagick versions 7.0.4-9. The vulnerability can be exploit...
Cisco IOS XE Fragmented Packet DoS
The Cisco IOS XE software running on the remote device is affected by a denial of service vulnerability in the high-speed logging (HSL) feature due to improper processing of fragmented IP packets. An unauthenticated, remote attacker, by sending a large number of oversized packets, can exploit this ...
CVE-2015-0640
The high-speed logging (HSL) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via large IP packets that require NAT and H...
Code injection
The high-speed logging (HSL) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via large IP packets that require NAT and H...
CVE-2015-0640
CVE-2015-0640 affects Cisco IOS XE where the High-Speed Logging (HSL) feature mishandles fragmented IP packets, allowing an unauthenticated remote attacker to cause a DoS with device reloads by sending oversized packets after fragmentation. Affected are IOS XE 2.x and 3.x releases (per Bug CSCuo2...
CVE-2015-0640
The high-speed logging (HSL) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via large IP packets that require NAT and H...