
2270 matches found

OSV
added 2023/08/29 9:30 p.m. · 0 views

GHSA-V638-Q856-GRG8 MathJax Regular expression Denial of Service (ReDoS)

Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk...

CVSS 7.5 · AI score 5.8 · EPSS 0.00214
Exploits 1 · References 2
ATTACKERKB
added 2023/08/29 8:15 p.m. · 2 views

CVE-2023-39663

Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk...

CVSS 7.5 · AI score 5.7 · EPSS 0.00214
Exploits 1 · References 2
Prion
added 2023/08/29 8:15 p.m. · 19 views

Input validation

DISPUTED: Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk...

CVSS 5 · AI score 7.6 · EPSS 0.00214
Exploits 1 · References 1 · Affected Software 1
OSV
added 2023/08/29 8:15 p.m. · 0 views

UBUNTU-CVE-2023-39663

Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk...

CVSS 7.5 · AI score 5.7 · EPSS 0.00214
Exploits 1 · References 3
ATTACKERKB
added 2023/08/29 4:15 p.m. · 1 view

CVE-2023-41362

MyBB before 1.8.36 allows Code Injection by users with certain high privileges. Templates in Admin CP intentionally use eval, and there was some validation of the input to eval, but type juggling interfered with this when using PCRE within PHP...

CVSS 7.2 · AI score 7.1 · EPSS 0.25812
Exploits 1 · References 5
CVE
added 2023/08/29 12:00 a.m. · 184 views

CVE-2023-39663

CVE-2023-39663 affects MathJax up to v2.7.9. The issue is two Regular Expression Denial of Service (ReDoS) flaws in MathJax.js triggered via the components pattern and markdownPattern. The vendor disputes the risk on the basis that the regexes aren’t applied to user input. Documented impact from ...

CVSS 7.5 · AI score 7.6 · EPSS 0.00214
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2023/08/29 12:00 a.m. · 2 views

PT-2023-27062 · Mathjax · Mathjax

Name of the Vulnerable Software and Affected Versions: Mathjax versions up to v2.7.9. Description: The issue concerns two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern. However, the vendor disputes this, stating that the...

CVSS 7.5 · AI score 6.6 · EPSS 0.00214
Exploits 1 · References 14
CNVD
added 2023/08/25 12:00 a.m. · 1 view

Gnu glibc denial of service vulnerability

Gnu glibc is a core component of the Linux system used to implement the C standard library, providing underlying API support for applications, following the POSIX and ISO C standards. A denial of service vulnerability exists in Gnu glibc, which stems from an endpattern in the GNU C library that...

CVSS 5.5 · AI score 6.6 · EPSS 0.00031
Exploits 1 · References 1
Citrix
added 2023/08/21 12:00 a.m. · 6 views

Multiple errors are displayed after running the "show ha syncfailures" command on HA secondary node

Multiple errors are displayed after running the "show ha syncfailures" command on the HA secondary node, like below: ---------- show ha syncfailures exec: bind policy patset nsvpnclientuseragents AGEE -index 1 -charset ASCII ERROR: Pattern index already in use, try using other index exec: bind...

AI score 7.4
Exploits 0
RedHat Linux
added 2023/08/16 10:56 a.m. · 4 views

springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern

A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern...

CVSS 7.5 · AI score 7.1 · EPSS 0.56284
Exploits 1 · References 5
NVD
added 2023/08/08 1:15 p.m. · 10 views

CVE-2023-25984

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rigorous & Factory Pattern Dovetail plugin <= 1.2.13 versions...

CVSS 5.9 · AI score 5.4 · EPSS 0.00087
Exploits 0 · References 1
Code423n4
added 2023/08/07 12:00 a.m. · 13 views

REENTRANCY

Lines of code. Vulnerability details. Impact: In a re-entrancy attack, a malicious contract calls back into the calling contract before the first invocation of the function is finished. This may cause the different invocations of the function to interact in undesirable ways, especially in cases wher...

AI score 6.6
Exploits 0
Veracode
added 2023/08/06 10:21 a.m. · 20 views

Regular Expression Denial Of Service (ReDoS)

gitlab is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists due to the insecure Regex pattern used in the DollarMathPostFilter, which allows an attacker to crash the application by sending maliciously crafted payloads to the previewmarkdown endpoint...

CVSS 7.5 · AI score 6.7 · EPSS 0.01433
Exploits 0 · References 4 · Affected Software 1
Veracode
added 2023/08/06 10:17 a.m. · 14 views

Regular Expression Denial Of Service (ReDoS)

gitlab is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists due to the insecure Regex pattern used in the library, which allows an attacker to crash the application by sending maliciously crafted payloads to the previewmarkdown endpoint...

CVSS 7.5 · AI score 6.7 · EPSS 0.00795
Exploits 0 · References 4 · Affected Software 1
Veracode
added 2023/08/06 10:17 a.m. · 17 views

Regular Expression Denial Of Service (ReDoS)

gitlab is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists due to the insecure Regex pattern used in the library, which allows an attacker to crash the application by sending maliciously crafted payloads to the previewmarkdown endpoint...

CVSS 7.5 · AI score 6.7 · EPSS 0.02032
Exploits 0 · References 4 · Affected Software 1
Ubuntu
added 2023/08/03 1:30 p.m. · 58 views

USN-5064-3: GNU cpio vulnerability

USN-5064-1 fixed a vulnerability in GNU. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details: Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled certain pattern files. A remote attacker could use this issue to cause cpio to crash,...

CVSS 7.8 · AI score 7 · EPSS 0.26333
Exploits 1
OSV
added 2023/08/03 1:30 p.m. · 0 views

USN-5064-3 cpio vulnerability

USN-5064-1 fixed a vulnerability in GNU. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details: Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled certain pattern files. A remote attacker could use this issue to cause cpio to crash,...

CVSS 7.8 · AI score 6.8 · EPSS 0.26333
Exploits 1 · References 2
Positive Technologies
added 2023/07/27 12:00 a.m. · 2 views

PT-2023-35925 · Oracle · Java.Base

Name of the Vulnerable Software and Affected Versions: java.base, affected versions not specified. Description: A security exception crash has been reported in java.base. The crash occurs in the java.util.regex.Pattern class, specifically in the Loop.match, GroupTail.match, and BranchConn.match...

AI score 7
Exploits 0 · References 2
Positive Technologies
added 2023/07/27 12:00 a.m. · 3 views

PT-2023-35926 · Oracle · Java

Name of the Vulnerable Software and Affected Versions: Java, affected versions not specified. Description: The issue is related to a security exception in the Java java.util.regex package, specifically in the Pattern$GroupTail.match function. The crash occurs when the BufferedWriter attempts to wri...

AI score 7
Exploits 0 · References 2
Amazon
added 2023/07/26 12:00 a.m. · 2 views

Medium: curl

Issue Overview: libcurl offers a feature to verify an SSH server's public key using a SHA-256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now-freed hash. This flaw risks inserting sensitive heap-based data into t...

CVSS 7.5 · AI score 6.9 · EPSS 0.00631
Exploits 3