
194 matches found

SUSE CVE
added 2023/02/15 4:53 a.m., 2 views

SUSE CVE-2016-10397

In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:[email protected]/ and evil.example.com:[email protected]/ inputs to the parse_url...

6.5 CVSS, 8.9 AI score, 0.00402 EPSS
Exploits: 0, References: 7

SUSE CVE
added 2023/02/15 4:9 a.m., 1 view

SUSE CVE-2019-14292

An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1...

3.3 CVSS, 7.7 AI score, 0.00168 EPSS
Exploits: 1, References: 5

SUSE CVE
added 2023/02/15 3:51 a.m., 1 view

SUSE CVE-2020-35507

There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability...

5.5 CVSS, 6.7 AI score, 0.00082 EPSS
Exploits: 1, References: 18

Veracode
added 2023/01/24 4:53 a.m., 36 views

Regular Expression Denial Of Service (ReDoS)

cookiejar is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability exists in the parse function of cookiejar.js due to inefficient regular expression complexity, which allows an attacker to crash the application by submitting a malicious string...

7.5 CVSS, 7.3 AI score, 0.00074 EPSS
Exploits: 1, References: 6, Affected Software: 2

CNNVD
added 2023/01/18 12:0 a.m., 1 view

CookieJar Security Vulnerability

CookieJar is a simple and robust cookie library. A security vulnerability exists in CookieJar versions prior to 2.1.4, which stems from the use of insecure regular expressions in the Cookie.parse function...

7.5 CVSS, 6.7 AI score, 0.00074 EPSS
Exploits: 1, References: 9

GitHub Security Blog
added 2023/01/05 12:30 p.m., 51 views

Vercel ms Inefficient Regular Expression Complexity vulnerability

A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has...

5.3 CVSS, 5.7 AI score, 0.00312 EPSS
Exploits: 1, References: 8, Affected Software: 1

UbuntuCve
added 2023/01/05 12:15 p.m., 24 views

CVE-2017-20162

A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has...

5.3 CVSS, 5.4 AI score, 0.00312 EPSS
Exploits: 1, References: 4

OSV
added 2023/01/05 12:15 p.m., 0 views

UBUNTU-CVE-2017-20162

A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has...

5.3 CVSS, 5.1 AI score, 0.00312 EPSS
Exploits: 1, References: 5

Prion
added 2023/01/05 12:15 p.m., 14 views

Design/Logic Flaw

A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has...

5 CVSS, 5.4 AI score, 0.00312 EPSS
Exploits: 1, References: 5, Affected Software: 1

Cvelist
added 2023/01/05 11:49 a.m., 19 views

CVE-2017-20162 vercel ms index.js parse redos

A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has...

4.3 CVSS, 5.8 AI score, 0.00312 EPSS
Exploits: 1, References: 5

CVE
added 2023/01/05 11:49 a.m., 79 views

CVE-2017-20162

CVE-2017-20162 affects the Vercel ms package up to 1.x. The vulnerability lies in the parse function of index.js, where manipulating the string argument (str) enables a regular expression denial of service (ReDoS). The issue can be exploited remotely; a public exploit has been disclosed. Remediat...

5.3 CVSS, 4.9 AI score, 0.00312 EPSS
Exploits: 1, References: 6, Affected Software: 1

Positive Technologies
added 2023/01/05 12:0 a.m., 2 views

PT-2023-10614 · Vercel · Vercel Ms

Name of the Vulnerable Software and Affected Versions: vercel ms versions up to 1.x Description: A problematic issue has been found in the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated...

5.3 CVSS, 8.5 AI score, 0.00312 EPSS
Exploits: 1, References: 14

Positive Technologies
added 2022/11/08 12:0 a.m., 3 views

PT-2022-27179 · Picoc · Picoc

Name of the Vulnerable Software and Affected Versions: PicoC version 3.2.2 Description: A heap buffer overflow was discovered in the ExpressionAssign function in expression.c when called from ExpressionParseFunctionCall, which can lead to a potential issue. Recommendations: For PicoC version 3.2....

5.5 CVSS, 5.5 AI score, 0.00078 EPSS
Exploits: 1, References: 5

Positive Technologies
added 2022/11/06 12:0 a.m., 1 view

PT-2022-36752 · Git +1 · Mongoose

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow read issue was identified, potentially causing a crash. The crash occurred in the mg_mqtt_parse function, as indicated by the cras...

6.9 AI score
Exploits: 0, References: 2

OSV
added 2022/10/01 12:0 a.m., 24 views

GHSA-P28H-CC7Q-C4FG css-what vulnerable to ReDoS due to use of insecure regular expression

The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of an insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...

7.5 CVSS, 7.3 AI score, 0.00272 EPSS
Exploits: 1, References: 7

GitHub Security Blog
added 2022/10/01 12:0 a.m., 28 views

css-what vulnerable to ReDoS due to use of insecure regular expression

The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of an insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...

7.5 CVSS, 7.4 AI score, 0.00272 EPSS
Exploits: 1, References: 7, Affected Software: 1

OSV
added 2022/09/30 5:15 a.m., 16 views

CVE-2022-21222

The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...

7.5 CVSS, 7.8 AI score
Exploits: 0, References: 3

OSV
added 2022/09/30 5:15 a.m., 0 views

UBUNTU-CVE-2022-21222

The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...

7.5 CVSS, 5.8 AI score, 0.00272 EPSS
Exploits: 1, References: 5

Cvelist
added 2022/09/30 5:5 a.m., 19 views

CVE-2022-21222 Regular Expression Denial of Service (ReDoS)

The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...

5.3 CVSS, 7.5 AI score, 0.00272 EPSS
Exploits: 1, References: 3

Debian CVE
added 2022/09/30 5:5 a.m., 28 views

CVE-2022-21222

The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function...

7.5 CVSS, 7.4 AI score, 0.00272 EPSS
Exploits: 1