Lucene search

1163 matches found

RedHat Linux
added 2016/05/11 1:7 p.m. · 2 views

pcre: Buffer overflow caused by lookbehind assertion (8.38/6)

PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp...

CVSS 9.8 · AI score 7.4 · EPSS 0.07059
Exploits 0 · References 4

RedHat Linux
added 2016/05/11 1:7 p.m. · 2 views

pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20)

PCRE before 8.36 mishandles the /?Ra|?1+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object...

CVSS 7.5 · AI score 7.4 · EPSS 0.05244
Exploits 1 · References 4

Kitploit
added 2016/04/30 9:12 p.m. · 71 views

Hob0Rules - Password cracking rules for Hashcat based on statistics and industry patterns

Password cracking rules for Hashcat based on statistics and industry patterns. The following blog posts on passwords explain the statistical significance of these rulesets: "Statistics Will Crack Your Password" and "Praetorian Password Cracking Rules Released". Useful wordlists to utilize with these rules...

AI score 7.7
Exploits 0 · References 1

ThreatPost
added 2016/04/26 2:16 p.m. · 15 views

Verizon DBIR Top Targets: Credentials, Phishing and PoS

A lack of security common sense still plagues businesses with 30 percent of phishing emails opened by campaign targets. Worse, 12 percent click on the attachments inside those phishing attacks, giving crooks easy access to systems to snarf up credentials that are later used to pull off financiall...

AI score 0.2
Exploits 0 · References 3

n0where
added 2016/04/15 11:49 a.m. · 19 views

Pattern Matching Swiss Knife: YARA

YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a. rule, consists of a set of strin...

AI score 0.6
Exploits 0 · References 3

CNVD
added 2016/04/14 12:0 a.m. · 2 views

Cisco ASR 9000 IOS XR Denial of Service Vulnerability

Cisco IOS XR on ASR 9000 is a set of operating systems from Cisco that run on ASR 9000 series router devices. A denial of service vulnerability exists in Cisco IOS XR on Cisco ASR 9000. A remote attacker could exploit this vulnerability to cause a denial of service (CRC and symbol errors, and...

CVSS 5.3 · AI score 6.8 · EPSS 0.01739
Exploits 0 · References 1

OSV
added 2016/04/12 11:59 p.m. · 3 views

CVE-2016-1376

Cisco IOS XR 4.2.3, 4.3.0, 4.3.4, and 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (CRC and symbol errors, and interface flap) via crafted bit patterns in packets, aka Bug ID CSCuv78548...

CVSS 5.3 · AI score 5.8 · EPSS 0.01739
Exploits 0 · References 2

Prion
added 2016/04/12 11:59 p.m. · 16 views

Design/Logic Flaw

Cisco IOS XR 4.2.3, 4.3.0, 4.3.4, and 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (CRC and symbol errors, and interface flap) via crafted bit patterns in packets, aka Bug ID CSCuv78548...

CVSS 5 · AI score 7.2 · EPSS 0.01739
Exploits 0 · References 2 · Affected Software 1

Hacker One
added 2016/03/17 7:24 a.m. · 13 views

Veris: Complete Profile URL is not Random and not expiring

This issue refers to a token non-expiry issue and vulnerable URI patterns for the onboarding process. The onboarding process of Veris was revamped after a few such similar reports...

AI score 2.4
Exploits 0

Fedora
added 2015/12/28 11:59 p.m. · 36 views

[SECURITY] Fedora 22 Update: activemq-5.6.0-14.fc22

The most popular and powerful open source messaging and Integration Patterns server...

CVSS 9.8 · AI score 2.4 · EPSS 0.37936
Exploits 4

Fedora
added 2015/12/25 12:30 a.m. · 33 views

[SECURITY] Fedora 23 Update: activemq-5.6.0-14.fc23

The most popular and powerful open source messaging and Integration Patterns server...

CVSS 9.8 · AI score 2.4 · EPSS 0.37936
Exploits 4

Tenable Nessus
added 2015/12/22 12:0 a.m. · 34 views

Scientific Linux Security Update : glibc on SL7.x x86_64 (20151119)

It was discovered that, under certain circumstances, glibc's getaddrinfo function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application...

CVSS 7.5 · AI score 8.3 · EPSS 0.05808
Exploits 4 · References 5

Positive Technologies
added 2015/12/09 12:0 a.m. · 7 views

PT-2015-7848 · Gnu +2 · Gnu C Library +2

Name of the Vulnerable Software and Affected Versions: GNU C Library versions prior to 2.22 Description: The issue allows context-dependent attackers to cause a denial of service, resulting in an application crash, by providing a malformed pattern that triggers an out-of-bounds read in the fnmatc...

CVSS 10 · AI score 7.3 · EPSS 0.94859
Exploits 45 · References 207

OSV
added 2015/12/02 1:59 a.m. · 1 views

DEBIAN-CVE-2015-8395

PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and...

CVSS 7.5 · AI score 9.4 · EPSS 0.03543
Exploits 0 · References 1

OSV
added 2015/12/02 1:59 a.m. · 2 views

DEBIAN-CVE-2015-8381

The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /?J:?|:?|?'R'\k'R'|?'R'H'Rk'Rf|s?'R'/ and /?J:?|:?|?'R'\z?|?'R'\k'R'|?'R'k'R'|?'R'H'Ak'Rf|s?'R'/ patterns, and related patterns with certain group references, which allows remote...

CVSS 7.5 · AI score 8.8 · EPSS 0.05286
Exploits 1 · References 1

Prion
added 2015/12/02 1:59 a.m. · 9 views

Heap overflow

The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /?J:?|:?|?'R'\k'R'|?'R'H'Rk'Rf|s?'R'/ and /?J:?|:?|?'R'\z?|?'R'\k'R'|?'R'k'R'|?'R'H'Ak'Rf|s?'R'/ patterns, and related patterns with certain group references, which allows remote...

CVSS 7.5 · AI score 7.9 · EPSS 0.05286
Exploits 1 · References 9 · Affected Software 1

UbuntuCve
added 2015/12/01 12:0 a.m. · 27 views

CVE-2015-8389

PCRE before 8.38 mishandles the /?:|a|100x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konquero...

CVSS 9.8 · AI score 7.2 · EPSS 0.03887
Exploits 0 · References 4

Positive Technologies
added 2015/12/01 12:0 a.m. · 1 views

PT-2015-7791 · Php Community +2 · Pcre +2

Name of the Vulnerable Software and Affected Versions: PCRE versions prior to 8.38 Description: The issue concerns how PCRE handles the : and substrings in character classes. This mishandling allows remote attackers to cause a denial of service due to an uninitialized memory read or possibly have...

CVSS 9.8 · AI score 7.7 · EPSS 0.09157
Exploits 12 · References 123

OSV
added 2015/12/01 12:0 a.m. · 0 views

UBUNTU-CVE-2015-8381

The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /?J:?|:?|?'R'\k'R'|?'R'H'Rk'Rf|s?'R'/ and /?J:?|:?|?'R'\z?|?'R'\k'R'|?'R'k'R'|?'R'H'Ak'Rf|s?'R'/ patterns, and related patterns with certain group references, which allows remote...

CVSS 7.5 · AI score 7.4 · EPSS 0.05286
Exploits 1 · References 7

OSV
added 2015/12/01 12:0 a.m. · 1 views

UBUNTU-CVE-2015-8394

PCRE before 8.38 mishandles the ? and ?R conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror...

CVSS 9.8 · AI score 7.2 · EPSS 0.04815
Exploits 0 · References 5