CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4005 matches found

OSV•added 2016/03/29 12:0 a.m.•0 views

UBUNTU-CVE-2014-9769

pcrejitcompile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service stack memory corruption or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata...

7.3CVSS7.2AI score0.00934EPSS

Exploits0References3

CNVD•added 2016/03/29 12:0 a.m.•2 views

PCRE pcre_jit_compile.c Denial of Service Vulnerability

PCRE is a Perl library that includes a perl-compatible regular expression library. PCRE version 8.35 pcrejitcompile.c fails to properly optimize nested substitutions using table jumps. A remote attacker could utilize the constructed strings to cause a denial of service stack memory corruption...

9.3CVSS9.1AI score0.01179EPSS

Exploits0References1

OSV•added 2016/03/28 4:59 p.m.•1 views

DEBIAN-CVE-2014-9769

7.3CVSS9.6AI score0.00934EPSS

Exploits0References1

Cvelist•added 2016/03/28 4:0 p.m.•27 views

CVE-2014-9769

8.6AI score0.00934EPSS

Exploits0References6

CNVD•added 2016/03/19 12:0 a.m.•1 views

PCRE and PCRE2 'compile_branch' function denial of service vulnerability

PCRE is an open source regular expression library written in C. PCRE2 is an API for modifying PCRE. The 'compilebranch' function of PCRE and PCRE2 failed to properly handle regular expressions containing 'ACCEPT' substrings and nested parentheses. A remote attacker submitting a specially crafted...

9.8CVSS9.6AI score0.07915EPSS

Exploits1References1

OSV•added 2016/03/17 11:59 p.m.•2 views

DEBIAN-CVE-2016-3191

The compilebranch function in pcrecompile.c in PCRE 8.x before 8.39 and pcre2compile.c in PCRE2 before 10.22 mishandles patterns containing an ACCEPT substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service stack-based...

9.8CVSS9.2AI score0.07915EPSS

Exploits1References1

OSV•added 2016/03/17 11:59 p.m.•2 views

ALPINE-CVE-2016-3191

9.8CVSS7.8AI score0.07915EPSS

Exploits1References1

OSV•added 2016/03/17 12:0 a.m.•0 views

UBUNTU-CVE-2016-3191

9.8CVSS7.5AI score0.07915EPSS

Exploits1References3

OSV•added 2016/03/16 12:0 a.m.•0 views

UBUNTU-CVE-2016-2315

revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a 1 long filename or 2 many nested trees, leading to a heap-based buffer overflow...

9.8CVSS8AI score0.17652EPSS

Exploits0References4

Tenable Nessus•added 2016/03/16 12:0 a.m.•20 views

Fedora 22 : pcre-8.38-3.fc22 (2016-f5af8e27ce)

This release fixes a heap buffer overflow in handling of nested duplicate named groups with a nested back reference and a heap buffer overflow in pcretest causing infinite loop when matching globally with an ovector less than 2. Note that Tenable Network Security has extracted the preceding...

9.8CVSS8.3AI score0.02374EPSS

Exploits1References4

RedHat Linux•added 2016/03/15 8:56 p.m.•3 views

rubygem-activerecord: Nested attributes rejection proc bypass in Active Record

A flaw was found in the Active Record component's handling of nested attributes in combination with the destroy flag. An attacker could possibly use this flaw to set attributes to invalid values or clear all attributes...

5.3CVSS7.1AI score0.01209EPSS

Exploits0References6

RedHat Linux•added 2016/03/15 8:56 p.m.•54 views

Important: Red Hat Security Advisory: ror40 security update

Updated ror40-rubygem-actionpack and ror40-rubygem-activerecord packages that fix multiple security issues are now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores,...

7.5CVSS6.9AI score0.90494EPSS

Exploits18References8

RedHat Linux•added 2016/03/15 8:55 p.m.•6 views

rubygem-activerecord: Nested attributes rejection proc bypass in Active Record

5.3CVSS7.1AI score0.01209EPSS

Exploits0References6

OSV•added 2016/03/15 12:0 a.m.•1 views

UBUNTU-CVE-2016-2324

Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a 1 long filename or 2 many nested trees, which triggers a heap-based buffer overflow...

9.8CVSS8.1AI score0.2205EPSS

Exploits0References4

OpenVAS•added 2016/03/08 12:0 a.m.•30 views

Google Chrome Multiple Vulnerabilities (Mar 2016) - Windows

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

10CVSS7.2AI score0.05701EPSS

Exploits3References1

CNVD•added 2016/03/08 12:0 a.m.•2 views

Google Chrome Pepper plugin same-origin policy bypass vulnerability

Google Chrome is a web browser developed by Google, and Pepper is a player plug-in for playing Flash videos. Versions of the Pepper plugin prior to Google Chrome 49.0.2623.75 have the file content/renderer/pepper/ppbflashmessageloopimpl.cc in the file 'PPBFlashMessageLoop A security vulnerability...

8.8CVSS8.9AI score0.0097EPSS

Exploits2References1

RedHat Linux•added 2016/03/07 3:22 a.m.•4 views

chromium-browser: same-origin bypass in Pepper Plugin

The PPBFlashMessageLoopImpl::InternalRun function in content/renderer/pepper/ppbflashmessageloopimpl.cc in the Pepper plugin in Google Chrome before 49.0.2623.75 mishandles nested message loops, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...

8.8CVSS7.4AI score0.0097EPSS

Exploits2References5

OSV•added 2016/03/06 2:59 a.m.•2 views

CVE-2016-1631

8.8CVSS7.3AI score

Exploits0References12