14 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-23920
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Host and event action script input is validated with a regex set by the administrator, but the validation runs in multiline mode. If ^ and $ anchors are used in...
Incomplete List of Disallowed Inputs
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via tools.exec.safeBins. An attacker can access sensitive files from the working directory by supplying a pattern input through the -e or --regexp fla...
EUVD-2019-2444
Malware in sbrugna...
Regular Expression Denial of Service (ReDoS)
Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the listNames function. An attacker can cause significant CPU consumption and degrade server performance by supplying a crafted regular expression and influencing the set of resource names...
Regular Expression Denial of Service (ReDoS)
Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the listNames function. An attacker can cause significant CPU consumption and degrade server performance by supplying a crafted regular expression and influencing the set of resource names...
ruby: Arbitrary memory address read vulnerability with Regex search
A flaw was found in Ruby. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings...
nodejs-semver: Regular expression denial of service
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size,...
CVE-2022-44571
A flaw was found in rubygem-rack. Rack is vulnerable to a denial of service caused by a regular expression denial of service (ReDoS) flaw in the multipart parser. By sending a specially-crafted regex input, a remote attacker can cause a denial of service...
USN-5817-1 python-setuptools, setuptools vulnerability
Sebastian Chnelik discovered that setuptools incorrectly handled certain regex inputs. An attacker could possibly use this issue to cause a denial of service...
Denial Of Service (DoS)
django is vulnerable to denial of service. The vulnerability is due to the regex function in resolvers.py locale parameter not being treated as a regular expression which allows an attacker to cause an application crash via malicious input...
Denial of Service in python-ldap
python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this...
CVE-2021-46823
python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this...
glibc: Arbitrary read in wordexp()
An integer overflow flaw was found in glibc that may result in reading of arbitrary memory when wordexp is used with a specially crafted untrusted regular expression input...
CVE-2019-10640
CVE-2019-10640 affects GitLab Community and Enterprise Edition prior to 11.7.10, 11.8.x prior to 11.8.6, and 11.9.x prior to 11.9.4. The vulnerability is a regex input validation issue on the .gitlab-ci.yml refs value, which allows uncontrolled resource consumption. Affected versions and the root...