65 matches found
EUVD-2021-1966
Malware in sbrugna...
EUVD-2021-1971
Malware in sbrugna...
Security Bulletin: IBM App Connect Enterprise is vulnerable to Inefficient Regular Expression Complexity due to Babel ( CVE-2025-27789 )
Summary IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise Runtime are vulnerable to Inefficient Regular Expression Complexity due to Babel. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using...
Security Bulletin: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing, affects watsonx.data
Summary An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-45338 DESCRIPTION: An attacker can craft an input to the Parse...
Security Bulletin: A vulnerability in Ruby on Rails affects IBM License Metric Tool v9.
Summary There are vulnerabilities in the Ruby On Rails component used by IBM License Metric Tool. Vulnerability Details CVEID:CVE-2024-47887 DESCRIPTION: railsis vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in HTTP Token authentication in Action...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for February 2025.
Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.1-IF001 and 24.0.0-IF004. Vulnerability Details CVEID:CVE-2024-10963 DESCRIPTION: A flaw was found in pamaccess, where certain rules in its configuration file are mistakenly treated as hostname...
ROS-20241029-08
Vulnerability in the OpenSearch software package related to improper validation of the nextUrl parameter. Exploitation of the vulnerability could allow an attacker to redirect a user to a malicious site A vulnerability in the server.maxHeadersCount configuration of the ws client-server library in...
Subnet Solutions Inc. PowerSYSTEM Center
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Subnet Solutions Inc. Equipment: PowerSYSTEM Center Vulnerabilities: Server-Side Request Forgery SSRF, Inefficient Regular Expression Complexity, Cross-Site Request Forgery CSRF 2. RISK...
Debian dla-3902 : ruby-rails-html-sanitizer - security update
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3902 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3902-1 [email protected]...
Inefficient Regular Expression Complexity in langflow
A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remainingtext leads to...
SUSE SLES15 / openSUSE 15 Security Update : SUSE Manager Client Tools (SUSE-SU-2024:0487-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0487-1 advisory. - All versions of package trim are vulnerable to Regular Expression Denial of Service ReDoS via trim. CVE-2020-7753 - ansi-regex ...
GHSA-PRR3-C3M5-P7Q2 @adobe/css-tools Improper Input Validation and Inefficient Regular Expression Complexity
Impact @adobe/css-tools version 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS. Patches The issue has been resolved in 4.3.2. Workarounds None References N/A...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : NLTK vulnerability (USN-5215-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5215-1 advisory. Srikantha Prathi discovered that NLTK incorrectly handled specially crafted input. An attacker could use this vulnerability to cause a...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : SUSE Manager Client Tools (SUSE-SU-2023:2575-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2575-1 advisory. - All versions of package trim are vulnerable to Regular Expression Denial of Service ReDoS via...
GHSA-8X6C-CV3V-VP6G Withdrawn: cacheable-request depends on http-cache-semantics, which is vulnerable to Regular Expression Denial of Service
This advisory is withdawn. cacheable-request depends on http-cache-semanttics, which contains an Inefficient Regular Expression Complexity in versions prior to 4.1.1 of that package. cacheable-request has been updated to rely on the fixed version in 10.2.7. Summary of http-cache-semantics...
is-url Inefficient Regular Expression Complexity vulnerability
A vulnerability was found in Segmentio is-url up to 1.2.2. It has been rated as problematic. Affected by this issue is an unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. Upgrading to version 1.2....
CVE-2018-25079 Segmentio is-url index.js redos
A vulnerability was found in Segmentio is-url up to 1.2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. Upgrading to version...
Regular Expression Denial Of Service (ReDoS)
papapars is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability exists in papaparse.js due to inefficient regular expression complexity which allows an attacker to crash the application by submitting a malicious string...
GHSA-QJM7-55VV-3C5F mel-spintax has Inefficient Regular Expression Complexity
A vulnerability was found in melnaron mel-spintax. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lib/spintax.js. The manipulation of the argument text leads to inefficient regular expression complexity. The name of the patch is...
CVE-2018-25077
A vulnerability was found in melnaron mel-spintax. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lib/spintax.js. The manipulation of the argument text leads to inefficient regular expression complexity. The name of the patch is...