Lucene search
+L

171 matches found

Tenable Nessus
Tenable Nessus
added 2021/03/15 12:0 a.m.40 views

Fedora 33 : mingw-python-pillow / python-pillow / python2-pillow (2021-15845d3abe)

The remote Fedora 33 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2021-15845d3abe advisory. - In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts...

9.8CVSS7.4AI score0.04851EPSS
Exploits0References10
Veracode
Veracode
added 2021/02/19 4:6 a.m.15 views

Regular Expression Denial Of Service (ReDoS)

three is vulnerable to regular expression denial of service. The usage of an insecure regex in setStyle function in color.js allows an attacker to cause excessive consumption of CPU resources, potentially resulting in an application crash...

7.5CVSS4.5AI score0.02519EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2021/02/04 12:6 p.m.14 views

Regular Expression Denial Of Service (ReDoS)

codemirror is vulnerable to regular expression denial of service. An attacker is able to cause a denial of service condition by passing long strings containing sub-pattern s|/.?/...

4.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2021/01/30 12:0 a.m.8 views

PT-2021-7377 · Python +10 · Urllib +10

Name of the Vulnerable Software and Affected Versions: urllib affected versions not specified Description: A flaw in the AbstractBasicAuthHandler class of urllib allows an attacker controlling a malicious HTTP server to trigger a Regular Expression Denial of Service ReDOS during an authentication...

10CVSS6.7AI score0.73327EPSS
Exploits80References478
NVD
NVD
added 2021/01/26 9:15 p.m.28 views

CVE-2021-26272

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space in the Autolink plugin...

6.5CVSS6.5AI score0.02223EPSS
Exploits0References5
NVD
NVD
added 2021/01/26 9:15 p.m.21 views

CVE-2021-26271

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs in the Advanced Tab for Dialogs plugin...

6.5CVSS6.8AI score0.01962EPSS
Exploits0References4
OSV
OSV
added 2021/01/26 9:15 p.m.27 views

CVE-2021-26271

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs in the Advanced Tab for Dialogs plugin...

6.5CVSS6.9AI score
Exploits0References4
OSV
OSV
added 2021/01/26 9:15 p.m.33 views

CVE-2021-26272

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space in the Autolink plugin...

6.5CVSS6.8AI score
Exploits0References5
Prion
Prion
added 2021/01/26 9:15 p.m.47 views

Design/Logic Flaw

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs in the Advanced Tab for Dialogs plugin...

4.3CVSS6.7AI score0.01962EPSS
Exploits0References4Affected Software7
UbuntuCve
UbuntuCve
added 2021/01/26 9:15 p.m.34 views

CVE-2021-26271

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs in the Advanced Tab for Dialogs plugin...

6.5CVSS7AI score0.01962EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2021/01/26 9:15 p.m.41 views

CVE-2021-26272

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space in the Autolink plugin...

6.5CVSS7AI score0.02223EPSS
Exploits0References2
OSV
OSV
added 2021/01/26 9:15 p.m.3 views

UBUNTU-CVE-2021-26271

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs in the Advanced Tab for Dialogs plugin...

6.5CVSS7.2AI score0.01962EPSS
Exploits0References3
OSV
OSV
added 2021/01/26 9:15 p.m.4 views

UBUNTU-CVE-2021-26272

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space in the Autolink plugin...

6.5CVSS7.2AI score0.02223EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2021/01/26 8:39 p.m.37 views

CVE-2021-26272

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space in the Autolink plugin...

6.5CVSS6.7AI score0.02223EPSS
Exploits0
Cvelist
Cvelist
added 2021/01/26 8:39 p.m.47 views

CVE-2021-26272

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space in the Autolink plugin...

7AI score0.02223EPSS
Exploits0References5
Cvelist
Cvelist
added 2021/01/26 8:39 p.m.29 views

CVE-2021-26271

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs in the Advanced Tab for Dialogs plugin...

7AI score0.01962EPSS
Exploits0References4
CVE
CVE
added 2021/01/26 8:39 p.m.566 views

CVE-2021-26271

CVE-2021-26271 affects CKEditor 4 before 4.16. An attacker could trigger a ReDoS-type DoS by persuading a victim to paste crafted text into the Styles input of dialogs (Advanced Tab in the Dialogs plugin). Affected versions are CKEditor 4.x prior to 4.16; remediation is to upgrade to 4.16 or newe...

6.5CVSS6.6AI score0.01962EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2021/01/26 12:0 a.m.9 views

CKEditor Security Vulnerabilities

CKEditor is an open source, web-based text editor. A security vulnerability exists in CKEditor prior to CKEditor 4.16, which allows redos-type attacks to be executed in CKEditor 4 by inducing a victim to paste carefully crafted text into the styled input of a specific dialog box...

6.5CVSS6.9AI score0.01962EPSS
Exploits0References7
Veracode
Veracode
added 2020/03/27 8:44 a.m.12 views

Regular Expression Denial Of Service (ReDoS)

fecha is vulnerable to regular expression denial of service ReDoS attacks. The vulnerability exists when a user inputs a really long string as the parameter dateStr through the parse method in the file fecha.js causing the system to hang for a very long time...

3.8AI score
Exploits0
OSV
OSV
added 2020/01/30 7:15 p.m.25 views

CVE-2020-8492

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service ReDoS attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking...

6.5CVSS6.8AI score
Exploits0References16
Rows per page
Query Builder