Lucene search
K

39 matches found

OSV
OSV
added 2025/08/20 3:15 a.m.9 views

UBUNTU-CVE-2025-54363

Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. extractfullsummaryfromsignature employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings...

6.9CVSS5.8AI score0.00372EPSS
Exploits0References4
CVE
CVE
added 2025/08/20 12:0 a.m.59 views

CVE-2025-54364

Summary (CVE-2025-54364) Microsoft Knack 0.12.0 contains a vulnerability in the knack.introspection module where option_descriptions uses an inefficient regex "\s(:param)\s+(.+?)\s:(.*)" that can backtrack catastrophically with crafted docstrings containing lots of whitespace, potentially causing...

6.9CVSS6AI score0.00333EPSS
Exploits0References2
OSV
OSV
added 2025/08/20 12:0 a.m.5 views

CVE-2025-54363

Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. extractfullsummaryfromsignature employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings...

6.9CVSS6AI score0.00372EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/08/20 12:0 a.m.4 views

knack 安全漏洞

knack is an open source command line interface framework from Microsoft. A security vulnerability exists in knack version 0.12.0, which stems from a regular expression denial of service...

6.9CVSS6.9AI score0.00333EPSS
Exploits0References4
CVE
CVE
added 2025/08/20 12:0 a.m.63 views

CVE-2025-54363

Microsoft Knack 0.12.0 is affected by a Regular Expression Denial of Service (ReDoS) in the knack.introspection module. The extract_full_summary_from_signature uses an inefficient pattern "\s(:param)\s+(.+?)\s:(.*)" that can catastrophically backtrack when processing crafted docstrings with lots ...

6.9CVSS6.1AI score0.00372EPSS
Exploits0References3
OSV
OSV
added 2025/08/20 12:0 a.m.5 views

CVE-2025-54364

Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. optiondescriptions employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings containing a...

6.9CVSS6AI score0.00333EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/08/20 12:0 a.m.5 views

PT-2025-33896 · Microsoft +1 · Knack +1

Name of the Vulnerable Software and Affected Versions: Microsoft Knack version 0.12.0 Description: The software is susceptible to a Regular expression Denial of Service ReDoS issue within the knack.introspection module. Recommendations: At the moment, there is no information about a newer version...

6.9CVSS6AI score0.00372EPSS
Exploits0References13
Vulnrichment
Vulnrichment
added 2025/08/20 12:0 a.m.2 views

CVE-2025-54364

Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. optiondescriptions employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings containing a...

6.9CVSS6AI score0.00333EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/20 12:0 a.m.3 views

CVE-2025-54363

Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. extractfullsummaryfromsignature employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings...

6.9CVSS6AI score0.00372EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/08/20 12:0 a.m.6 views

PT-2025-33897 · Microsoft +1 · Knack +1

Name of the Vulnerable Software and Affected Versions: Microsoft Knack version 0.12.0 Description: The software contains a Regular expression Denial of Service ReDoS issue within the knack.introspection module. Recommendations: At the moment, there is no information about a newer version that...

6.9CVSS6AI score0.00333EPSS
Exploits0References12
CNNVD
CNNVD
added 2025/08/20 12:0 a.m.6 views

knack 安全漏洞

knack is an open source command line interface framework from Microsoft. A security vulnerability exists in knack version 0.12.0, which stems from a regular expression denial of service vulnerability in the knack.introspection module that could lead to excessive CPU consumption...

6.9CVSS6.4AI score0.00372EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/08/20 12:0 a.m.13 views

CVE-2025-54363

Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. extractfullsummaryfromsignature employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings...

6.9CVSS0.00372EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/20 12:0 a.m.12 views

CVE-2025-54364

Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. optiondescriptions employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings containing a...

6.9CVSS0.00333EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2025/08/20 12:0 a.m.4 views

CVE-2025-54363

Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. extractfullsummaryfromsignature employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings...

6.9CVSS5.3AI score0.00372EPSS
Exploits0
Debian CVE
Debian CVE
added 2025/08/20 12:0 a.m.6 views

CVE-2025-54364

Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. optiondescriptions employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings containing a...

6.9CVSS5.3AI score0.00333EPSS
Exploits0
OpenVAS
OpenVAS
added 2024/07/10 12:0 a.m.20 views

openSUSE Security Advisory (SUSE-SU-2024:1639-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS5.3AI score0.01034EPSS
Exploits0References16
OSV
OSV
added 2024/07/01 4:34 p.m.21 views

SUSE-SU-2024:1639-2 Security update for python-arcomplete, python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, python-httplib2, python-httpretty, python-javaproperties, python-jsondiff, python-knack, python-marshmallow, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-opentelemetry-sdk, python-opentelemetry-semantic-conventions, python-opentelemetry-test-utils, python-pycomposefile, python-pydash, python-redis, python-retrying, python-semver, python-sshtunnel, python-strictyaml, python-sure, python-vcrpy, python-xmltodict

This update for python-argcomplete, python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, python-httplib2, python-httpretty, python-javaproperties, python-jsondiff, python-knack,...

6.5CVSS7.1AI score0.01034EPSS
Exploits0References9
OSV
OSV
added 2024/07/01 4:34 p.m.2 views

SUSE-SU-2024:1639-1 Security update for python-arcomplete, python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, python-httplib2, python-httpretty, python-javaproperties, python-jsondiff, python-knack, python-marshmallow, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-opentelemetry-sdk, python-opentelemetry-semantic-conventions, python-opentelemetry-test-utils, python-pycomposefile, python-pydash, python-redis, python-retrying, python-semver, python-sshtunnel, python-strictyaml, python-sure, python-vcrpy, python-xmltodict

This update for python-argcomplete, python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, python-httplib2, python-httpretty, python-javaproperties, python-jsondiff, python-knack,...

6.5CVSS6.4AI score0.01034EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2023/07/06 12:0 a.m.52 views

SUSE SLES15: libprotobuf-lite20 / python2-cryptography / python2-psutil / etc (SUSE-SU-2023:2783-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2783-1 advisory. grpc: - Update in SLE-15 bsc1197726, bsc1144068 protobuf: - Fix a potential DoS issue in protobuf-cpp and protobuf-python, CVE-2022-1941,...

9.1CVSS6.8AI score0.06718EPSS
Exploits3References29
Rows per page
Query Builder