Lucene search
K

76 matches found

Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.5 views

PT-2026-28365

Name of the Vulnerable Software and Affected Versions Dovecot versions prior to 2.4.3 Description Sending a "NOOP ..." command with a large number of parentheses e.g., 4000 open and close can lead to excessive memory consumption, approximately 1MB per command. Prolonged use of this technique, by...

7.5CVSS5.9AI score0.0079EPSS
Exploits5References76
OSV
OSV
added 2024/03/05 11:15 p.m.5 views

AZL-37519 CVE-2024-24784 affecting package golang for versions less than 1.21.6-1

The ParseAddressList function incorrectly handles comments text within parentheses within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers...

7.5CVSS6.7AI score0.01042EPSS
Exploits0References1
OSV
OSV
added 2024/03/05 11:15 p.m.7 views

AZL-37466 CVE-2024-24784 affecting package golang for versions less than 1.21.6-1

The ParseAddressList function incorrectly handles comments text within parentheses within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers...

7.5CVSS6.7AI score0.01042EPSS
Exploits0References1
Redos
Redos
added 2023/10/09 12:0 a.m.28 views

ROS-20231009-01

PostgreSQL database management system vulnerability is related to the possibility of SQL injection in extensions, that use quoting constructs @extowner@, @extschema@, or @extschema:...@ inside parentheses dollar quoting, '', or "". Exploitation of the vulnerability could allow an attacker acting...

8.8CVSS8.7AI score0.01572EPSS
Exploits0
OSV
OSV
added 2023/09/27 8:16 p.m.5 views

GHSA-4Q6P-R6V2-JVC5 Chaijs/get-func-name vulnerable to ReDoS

The current regex implementation for parsing values in the module is susceptible to excessive backtracking, leading to potential DoS attacks. The regex implementation in question is as follows: js const functionNameMatch = /\sfunction?:\s|\s/^?:/+\/\s^\s/+/; This vulnerability can be exploited...

7.5CVSS6.8AI score0.01114EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2023/09/27 8:16 p.m.59 views

Chaijs/get-func-name vulnerable to ReDoS

The current regex implementation for parsing values in the module is susceptible to excessive backtracking, leading to potential DoS attacks. The regex implementation in question is as follows: js const functionNameMatch = /\sfunction?:\s|\s/^?:/+\/\s^\s/+/; This vulnerability can be exploited...

8.6CVSS6.9AI score0.01114EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2023/09/27 3:19 p.m.1 views

DEBIAN-CVE-2023-43646

get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service redos vulnerability which may lead to a denial of service when parsing malicious input. This vulnerabilit...

7.5CVSS6.1AI score0.01114EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/09/26 6:19 p.m.60 views

CVE-2023-43646 Inefficient Regular Expression Complexity in get-func-name

get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service redos vulnerability which may lead to a denial of service when parsing malicious input. This vulnerabilit...

8.6CVSS8.5AI score0.01114EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/09/26 6:19 p.m.14 views

CVE-2023-43646 Inefficient Regular Expression Complexity in get-func-name

get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service redos vulnerability which may lead to a denial of service when parsing malicious input. This vulnerabilit...

8.6CVSS6.6AI score0.01114EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2023/09/26 6:19 p.m.21 views

CVE-2023-43646

get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service redos vulnerability which may lead to a denial of service when parsing malicious input. This vulnerabilit...

8.6CVSS6.3AI score0.01114EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2023/02/15 6:3 a.m.3 views

SUSE CVE-2009-1885

Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service application crash via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrat...

4.3CVSS6.8AI score0.05324EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:4 a.m.3 views

SUSE CVE-2016-3191

The compilebranch function in pcrecompile.c in PCRE 8.x before 8.39 and pcre2compile.c in PCRE2 before 10.22 mishandles patterns containing an ACCEPT substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service stack-based...

3.7CVSS7.8AI score0.0843EPSS
Exploits1References23
SUSE CVE
SUSE CVE
added 2023/02/15 4:41 a.m.5 views

SUSE CVE-2017-12962

There are memory leaks in LibSass 3.4.5 triggered by deeply nested code, such as code with a long sequence of open parenthesis characters, leading to a remote denial of service attack...

7.5CVSS7.1AI score0.01225EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2023/01/12 9:24 a.m.63 views

Moderate: Red Hat Security Advisory: dbus security update

An update for dbus is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

6.5CVSS6.5AI score0.0131EPSS
Exploits3References4
BDU FSTEC
BDU FSTEC
added 2022/10/21 12:0 a.m.5 views

The vulnerability of the D-Bus inter-process communication system, related to the ability to achieve compliance in debugging builds, allows a malicious actor to trigger a service failure.

The vulnerability of the D-Bus inter-process communication mechanism is related to the occurrence of errors in debugging builds, caused by syntactically invalid signatures with incorrectly nested parentheses and curly braces. Exploiting this vulnerability can allow a malicious actor to cause...

6.8CVSS6.4AI score0.00831EPSS
Exploits1References12Affected Software8
OSV
OSV
added 2021/02/25 2:1 a.m.2 views

GHSA-7M7Q-Q53V-J47V Regular Expression Denial of Service

A flaw was found in nodejs-marked versions from 0.5.0 to before 0.6.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS. Input to the host variable is vulnerable when input contains parenthesis in link URIs, coupled with a high number of link tokens i...

5.8AI score
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2020/04/10 12:0 a.m.4 views

The vulnerability in web browsers Firefox, Firefox ESR, and the email client Thunderbird, related to the lack of measures to protect the structure of web pages, allows attackers to execute cross-site scripting attacks.

The vulnerability in web browsers Firefox, Firefox ESR, and the email client Thunderbird relates to certain elements that may contain parentheses. Through these elements, it is possible to inject closing tags. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting...

6.1CVSS7AI score0.0145EPSS
Exploits0References17Affected Software7
CNVD
CNVD
added 2019/08/27 12:0 a.m.29 views

GORM SQL Injection Vulnerability

GORM is a Golang ORM library. A SQL injection vulnerability exists in GORM versions prior to 1.9.10. The vulnerability can be exploited by an attacker to conduct a SQL injection attack via incomplete parentheses...

9.8CVSS9.7AI score0.01658EPSS
Exploits0References1
Prion
Prion
added 2019/08/26 1:15 p.m.14 views

Sql injection

DISPUTED GORM before 1.9.10 allows SQL injection via incomplete parentheses. NOTE: Misusing Gorm by passing untrusted user input where Gorm expects trusted SQL fragments is a vulnerability in the application, not in Gorm...

7.5CVSS9.9AI score0.01658EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2019/08/26 12:26 p.m.15 views

CVE-2019-15562

GORM before 1.9.10 allows SQL injection via incomplete parentheses. NOTE: Misusing Gorm by passing untrusted user input where Gorm expects trusted SQL fragments is a vulnerability in the application, not in Gorm...

10AI score0.01658EPSS
Exploits0References4
Rows per page
Query Builder