Lucene search
+L

170 matches found

vulnrichment
vulnrichment
added 2023/07/25 2:45 p.m.18 views

CVE-2023-39174

In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers...

4.3CVSS6.9AI score0.01417EPSS
Exploits0References1
cve
cve
added 2023/07/25 2:45 p.m.51 views

CVE-2023-39174

JetBrains TeamCity prior to 2023.05.2 is affected by CVE-2023-39174 due to a Regular Expression Denial of Service (ReDoS) flaw introduced by the integration with issue trackers. Documented impact is a potential DoS; no exploitation details are provided. Mitigation per connected sources is to upgr...

7.5CVSS7.5AI score0.01417EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2023/07/25 2:45 p.m.22 views

CVE-2023-39174

In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers...

4.3CVSS8AI score0.01417EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2023/07/25 12:0 a.m.5 views

PT-2023-26829 · Jetbrains · Teamcity

Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2023.05.2 Description: A ReDoS attack was possible via integration with issue trackers. This issue allows for a denial-of-service attack by exploiting regular expressions. Recommendations: For versions pri...

7.5CVSS7.4AI score0.01417EPSS
Exploits0References5
osv
osv
added 2023/07/21 11:5 a.m.4 views

OESA-2023-1440 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS regular expression denial of service attack via a...

7.5CVSS6.9AI score0.02978EPSS
Exploits0References2
nessus
nessus
added 2023/07/15 12:0 a.m.31 views

openSUSE 15 Security Update : python-Django (SUSE-SU-2023:2839-1)

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2839-1 advisory. - CVE-2023-31047: Fixed a potential bypass of validation when uploading multiple files using one form field bsc1210866. - CVE-2023-36053: Fixed...

9.8CVSS6.9AI score0.02978EPSS
Exploits0References7
osv
osv
added 2023/07/03 12:0 a.m.25 views

CVE-2023-36053

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS regular expression denial of service attack via a very large number of domain name labels of emails and URLs...

7.5CVSS7AI score0.02978EPSS
Exploits0References11
debiancve
debiancve
added 2023/07/03 12:0 a.m.92 views

CVE-2023-36053

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS regular expression denial of service attack via a very large number of domain name labels of emails and URLs...

7.5CVSS7.6AI score0.02978EPSS
Exploits0
vulnrichment
vulnrichment
added 2023/05/15 12:0 a.m.8 views

CVE-2023-32758

giturlparse aka git-url-parse through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS Regular Expression Denial of Service if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package for example, to check whether it accesses any Git...

7.4AI score0.01033EPSS
Exploits0References5
nessus
nessus
added 2023/04/15 12:0 a.m.32 views

CentOS 8 : nodejs:16 (CESA-2023:1582)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:1582 advisory. - The glob-parent package before 6.0.1 for Node.js allows ReDoS regular expression denial of service attacks against the enclosure regular expression...

8.6CVSS7AI score0.02209EPSS
Exploits5References9
nessus
nessus
added 2023/04/14 12:0 a.m.29 views

FreeBSD : py39-py -- Regular expression Denial of Service vulnerability (28a37df6-ba1a-4eed-bb64-623fc8e8dfd0)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 28a37df6-ba1a-4eed-bb64-623fc8e8dfd0 advisory. - The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS Regular expressio...

7.5CVSS6.6AI score0.01546EPSS
Exploits1References4
nessus
nessus
added 2023/03/05 12:0 a.m.45 views

SUSE SLES15 / openSUSE 15 Security Update : nodejs16 (SUSE-SU-2023:0608-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0608-1 advisory. Update to LTS version 16.19.1: - CVE-2023-23918: Fixed permissions policies that could have been bypassed via...

7.5CVSS6.8AI score0.02209EPSS
Exploits2References17
cvelist
cvelist
added 2023/02/25 5:0 a.m.52 views

CVE-2023-26103

Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service ReDoS due to the upgradeWebSocket function, which contains regexes in the form of /s,s/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to...

5.3CVSS7.7AI score0.01229EPSS
Exploits1References5
redhatcve
redhatcve
added 2023/02/21 4:29 p.m.23 views

CVE-2023-24807

Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the Headers.set and Headers.append methods are vulnerable to Regular Expression Denial of Service ReDoS attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normali...

7.5CVSS7.5AI score0.01304EPSS
Exploits0References3
cnnvd
cnnvd
added 2023/02/16 12:0 a.m.3 views

undici 安全漏洞

undici is an HTTP/1.1 client. A security vulnerability exists in undici versions prior to 5.19.1 that stems from vulnerability to regular expression denial of service ReDoS attacks when passing untrusted values to functions...

7.5CVSS7AI score0.01304EPSS
Exploits0References10
susecve
susecve
added 2023/02/15 3:22 a.m.1 views

SUSE CVE-2022-42969

The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS Regular expression Denial of Service attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as not bein...

6.5CVSS9.3AI score0.01546EPSS
Exploits1References16
osv
osv
added 2023/02/09 8:15 p.m.3 views

UBUNTU-CVE-2023-22799

A ReDoS based DoS vulnerability in the GlobalID 1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediate...

7.5CVSS6.8AI score0.01049EPSS
Exploits0References4
cve
cve
added 2023/02/03 7:5 p.m.77 views

CVE-2023-23925

The CVE-2023-23925 entry concerns the Switcher Client JavaScript SDK (Switcher API). Affects the strategy match operation (EXIST) where unsanitized input is used to build a regular expression, enabling a Regular Expression Denial of Service (ReDoS). Impact is indicated as high; CVSS vectors show ...

8.6CVSS7.7AI score0.00541EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2023/01/18 12:0 a.m.7 views

PT-2023-18703

Name of the Vulnerable Software and Affected Versions GlobalID versions 0.2.1 through 1.0.0 Rails versions 7.0.0 through 7.0.4 Description A ReDoS based DoS vulnerability in GlobalID could allow an attacker to cause the regular expression engine to take an unexpected amount of time with a careful...

7.5CVSS6.5AI score0.01049EPSS
Exploits0References48
ptsecurity
ptsecurity
added 2022/12/22 12:0 a.m.7 views

PT-2022-6568

Name of the Vulnerable Software and Affected Versions Python Charmers Future versions 0.18.2 and earlier Description The issue is related to improper input validation when handling the Set-Cookie header, allowing a remote attacker to send a specially crafted HTTP request and perform a denial of...

8.7CVSS6.6AI score0.01804EPSS
Exploits1References50
Rows per page
Query Builder