171 matches found
Fedora 33 : mingw-python-pillow / python-pillow / python2-pillow (2021-15845d3abe)
The remote Fedora 33 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2021-15845d3abe advisory. - In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts...
Regular Expression Denial Of Service (ReDoS)
three is vulnerable to regular expression denial of service. The usage of an insecure regex in setStyle function in color.js allows an attacker to cause excessive consumption of CPU resources, potentially resulting in an application crash...
Regular Expression Denial Of Service (ReDoS)
codemirror is vulnerable to regular expression denial of service. An attacker is able to cause a denial of service condition by passing long strings containing sub-pattern s|/.?/...
PT-2021-7377 · Python +10 · Urllib +10
Name of the Vulnerable Software and Affected Versions: urllib affected versions not specified Description: A flaw in the AbstractBasicAuthHandler class of urllib allows an attacker controlling a malicious HTTP server to trigger a Regular Expression Denial of Service ReDOS during an authentication...
CVE-2021-26272
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space in the Autolink plugin...
CVE-2021-26271
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs in the Advanced Tab for Dialogs plugin...
CVE-2021-26271
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs in the Advanced Tab for Dialogs plugin...
CVE-2021-26272
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space in the Autolink plugin...
Design/Logic Flaw
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs in the Advanced Tab for Dialogs plugin...
CVE-2021-26271
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs in the Advanced Tab for Dialogs plugin...
CVE-2021-26272
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space in the Autolink plugin...
UBUNTU-CVE-2021-26271
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs in the Advanced Tab for Dialogs plugin...
UBUNTU-CVE-2021-26272
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space in the Autolink plugin...
CVE-2021-26272
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space in the Autolink plugin...
CVE-2021-26272
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space in the Autolink plugin...
CVE-2021-26271
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs in the Advanced Tab for Dialogs plugin...
CVE-2021-26271
CVE-2021-26271 affects CKEditor 4 before 4.16. An attacker could trigger a ReDoS-type DoS by persuading a victim to paste crafted text into the Styles input of dialogs (Advanced Tab in the Dialogs plugin). Affected versions are CKEditor 4.x prior to 4.16; remediation is to upgrade to 4.16 or newe...
CKEditor Security Vulnerabilities
CKEditor is an open source, web-based text editor. A security vulnerability exists in CKEditor prior to CKEditor 4.16, which allows redos-type attacks to be executed in CKEditor 4 by inducing a victim to paste carefully crafted text into the styled input of a specific dialog box...
Regular Expression Denial Of Service (ReDoS)
fecha is vulnerable to regular expression denial of service ReDoS attacks. The vulnerability exists when a user inputs a really long string as the parameter dateStr through the parse method in the file fecha.js causing the system to hang for a very long time...
CVE-2020-8492
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service ReDoS attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking...