76 matches found
PT-2026-28365
Name of the Vulnerable Software and Affected Versions Dovecot versions prior to 2.4.3 Description Sending a "NOOP ..." command with a large number of parentheses e.g., 4000 open and close can lead to excessive memory consumption, approximately 1MB per command. Prolonged use of this technique, by...
AZL-37519 CVE-2024-24784 affecting package golang for versions less than 1.21.6-1
The ParseAddressList function incorrectly handles comments text within parentheses within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers...
AZL-37466 CVE-2024-24784 affecting package golang for versions less than 1.21.6-1
The ParseAddressList function incorrectly handles comments text within parentheses within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers...
ROS-20231009-01
PostgreSQL database management system vulnerability is related to the possibility of SQL injection in extensions, that use quoting constructs @extowner@, @extschema@, or @extschema:...@ inside parentheses dollar quoting, '', or "". Exploitation of the vulnerability could allow an attacker acting...
GHSA-4Q6P-R6V2-JVC5 Chaijs/get-func-name vulnerable to ReDoS
The current regex implementation for parsing values in the module is susceptible to excessive backtracking, leading to potential DoS attacks. The regex implementation in question is as follows: js const functionNameMatch = /\sfunction?:\s|\s/^?:/+\/\s^\s/+/; This vulnerability can be exploited...
Chaijs/get-func-name vulnerable to ReDoS
The current regex implementation for parsing values in the module is susceptible to excessive backtracking, leading to potential DoS attacks. The regex implementation in question is as follows: js const functionNameMatch = /\sfunction?:\s|\s/^?:/+\/\s^\s/+/; This vulnerability can be exploited...
DEBIAN-CVE-2023-43646
get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service redos vulnerability which may lead to a denial of service when parsing malicious input. This vulnerabilit...
CVE-2023-43646 Inefficient Regular Expression Complexity in get-func-name
get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service redos vulnerability which may lead to a denial of service when parsing malicious input. This vulnerabilit...
CVE-2023-43646 Inefficient Regular Expression Complexity in get-func-name
get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service redos vulnerability which may lead to a denial of service when parsing malicious input. This vulnerabilit...
CVE-2023-43646
get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service redos vulnerability which may lead to a denial of service when parsing malicious input. This vulnerabilit...
SUSE CVE-2009-1885
Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service application crash via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrat...
SUSE CVE-2016-3191
The compilebranch function in pcrecompile.c in PCRE 8.x before 8.39 and pcre2compile.c in PCRE2 before 10.22 mishandles patterns containing an ACCEPT substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service stack-based...
SUSE CVE-2017-12962
There are memory leaks in LibSass 3.4.5 triggered by deeply nested code, such as code with a long sequence of open parenthesis characters, leading to a remote denial of service attack...
Moderate: Red Hat Security Advisory: dbus security update
An update for dbus is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
The vulnerability of the D-Bus inter-process communication system, related to the ability to achieve compliance in debugging builds, allows a malicious actor to trigger a service failure.
The vulnerability of the D-Bus inter-process communication mechanism is related to the occurrence of errors in debugging builds, caused by syntactically invalid signatures with incorrectly nested parentheses and curly braces. Exploiting this vulnerability can allow a malicious actor to cause...
GHSA-7M7Q-Q53V-J47V Regular Expression Denial of Service
A flaw was found in nodejs-marked versions from 0.5.0 to before 0.6.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS. Input to the host variable is vulnerable when input contains parenthesis in link URIs, coupled with a high number of link tokens i...
The vulnerability in web browsers Firefox, Firefox ESR, and the email client Thunderbird, related to the lack of measures to protect the structure of web pages, allows attackers to execute cross-site scripting attacks.
The vulnerability in web browsers Firefox, Firefox ESR, and the email client Thunderbird relates to certain elements that may contain parentheses. Through these elements, it is possible to inject closing tags. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting...
GORM SQL Injection Vulnerability
GORM is a Golang ORM library. A SQL injection vulnerability exists in GORM versions prior to 1.9.10. The vulnerability can be exploited by an attacker to conduct a SQL injection attack via incomplete parentheses...
Sql injection
DISPUTED GORM before 1.9.10 allows SQL injection via incomplete parentheses. NOTE: Misusing Gorm by passing untrusted user input where Gorm expects trusted SQL fragments is a vulnerability in the application, not in Gorm...
CVE-2019-15562
GORM before 1.9.10 allows SQL injection via incomplete parentheses. NOTE: Misusing Gorm by passing untrusted user input where Gorm expects trusted SQL fragments is a vulnerability in the application, not in Gorm...