43 matches found

Tenable Nessus
added 2025/03/04 12:0 a.m., 13 views

Linux Distros Unpatched Vulnerability : CVE-2015-2305

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library aka rxspencer alpha3.8.g5 on 32-bit platforms, as used in NetBSD through...

6.8 CVSS | 7.7 AI score | 0.0837 EPSS
Exploits: 1 | References: 3
F5 Networks
added 2023/02/21 7:41 p.m., 34 views

K16831: BSD regex library vulnerability CVE-2015-2305

Security Advisory Description: Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library aka rxspencer alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via ...

6.8 CVSS | 8.2 AI score | 0.0837 EPSS
Exploits: 1
SUSE CVE
added 2023/02/15 6:13 a.m., 4 views

SUSE CVE-2006-7225

Perl-Compatible Regular Expression PCRE library before 6.7 allows context-dependent attackers to cause a denial of service error or crash via a regular expression that involves a "malformed POSIX character class", as demonstrated via an invalid character after a sequence...

4.3 CVSS | 6.8 AI score | 0.01604 EPSS
Exploits: 0 | References: 4
SUSE CVE
added 2023/02/15 5:12 a.m., 4 views

SUSE CVE-2015-8381

The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /?J:?|:?|?'R'\k'R'|?'R'H'Rk'Rf|s?'R'/ and /?J:?|:?|?'R'\z?|?'R'\k'R'|?'R'k'R'|?'R'H'Ak'Rf|s?'R'/ patterns, and related patterns with certain group references, which allows remote...

7.5 CVSS | 9.5 AI score | 0.05286 EPSS
Exploits: 1 | References: 25
SUSE CVE
added 2023/02/15 4:48 a.m., 4 views

SUSE CVE-2017-7244

The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file...

5.5 CVSS | 6.7 AI score | 0.01995 EPSS
Exploits: 0 | References: 7
Cvelist
added 2022/10/13 12:0 a.m., 26 views

CVE-2022-39278 Istio vulnerable to denial of service attack due to Golang Regex Library

Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Prior to versions 1.15.2, 1.14.5, and 1.13.9, the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a...

7.5 CVSS | 7.8 AI score | 0.01063 EPSS
Exploits: 0 | References: 4
BDU FSTEC
added 2022/06/27 12:0 a.m., 7 views

The vulnerability of the compile_xclass_matchingpath() function in the PCRE2 library allows an attacker to cause a service failure or expose protected information.

The vulnerability of the compile_xclass_matchingpath() function in the PCRE2 library is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause service failures or disclose sensitive information by sending specially crafted data...

8.5 CVSS | 7 AI score | 0.02993 EPSS
Exploits: 0 | References: 10 | Affected Software: 6
CNNVD
added 2022/03/08 12:0 a.m., 4 views

Github regex resource management error vulnerability

Github regex is a Rust library for parsing, compiling, and executing regular expressions. A security vulnerability exists in regex that stems from a denial-of-service attack caused by an untrusted regex or untrusted input matched by a trusted regex...

7.5 CVSS | 8.1 AI score | 0.1446 EPSS
Exploits: 1 | References: 30
OSV
added 2022/03/05 8:15 p.m., 8 views

AZL-8898 CVE-2022-24921 affecting package golang for versions less than 1.17.8-1

regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression...

7.5 CVSS | 6.7 AI score | 0.03255 EPSS
Exploits: 0 | References: 1
RedHat Linux
added 2021/11/10 5:14 p.m., 5 views

pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1

libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454...

7.5 CVSS | 7 AI score | 0.0277 EPSS
Exploits: 0 | References: 4
OSV
added 2020/06/04 6:15 p.m., 5 views

CVE-2020-7661

All versions of url-regex are vulnerable to Regular Expression Denial of Service. An attacker providing a very long string in String.test can cause a Denial of Service...

7.5 CVSS | 7.1 AI score | 0.02693 EPSS
Exploits: 1 | References: 2
AlpineLinux
added 2019/11/17 6:15 p.m., 34 views

CVE-2019-19012

An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. This only affects the 32-bit compiled version. Remote attackers can cause a denial-of-service or...

9.8 CVSS | 6.7 AI score | 0.10539 EPSS
Exploits: 3
OSV
added 2017/11/13 3:29 a.m., 3 views

CVE-2017-13846

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "PCRE" product. Versions before 8.40 allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact...

9.8 CVSS | 5.9 AI score | 0.02925 EPSS
Exploits: 0 | References: 2
OSV
added 2015/12/01 12:0 a.m., 3 views

UBUNTU-CVE-2015-8389

PCRE before 8.38 mishandles the /?:|a|100x/ pattern and related patterns, which allows remote attackers to cause a denial of service infinite recursion or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konquero...

9.8 CVSS | 7.2 AI score | 0.03887 EPSS
Exploits: 0 | References: 5
F5 Networks
added 2015/07/01 12:0 a.m., 34 views

SOL16831 - BSD regex library vulnerability CVE-2015-2305

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...

6.8 CVSS | 1 AI score | 0.0837 EPSS
Exploits: 1 | References: 5
Tenable Nessus
added 2015/06/10 12:0 a.m., 64 views

SUSE SLES11 Security Update : php53 (SUSE-SU-2015:1018-1)

PHP 5.3 was updated to fix multiple security issues: bnc931776: pcntl_exec does not check path validity (CVE-2015-4026); bnc931772: overflow in ftp_genlist resulting in heap overflow (CVE-2015-4022); bnc931769: memory corruption in phar_parse_tarfile when entry filename starts with NULL (CVE-2015-4021)...

7.5 CVSS | 7.4 AI score | 0.50129 EPSS
Exploits: 15 | References: 36
RedHat Linux
added 2015/06/04 8:6 a.m., 3 views

regex: heap overflow in regcomp() on 32-bit architectures

A heap buffer overflow flaw was found in the regcomp function of Henry Spencer's regular expression library. An attacker able to make an application process a specially crafted regular expression pattern with the regcomp function could cause that application to crash and possibly execute arbitrar...

6.8 CVSS | 7.1 AI score | 0.0837 EPSS
Exploits: 1 | References: 4
RedHat Linux
added 2015/06/04 8:2 a.m., 3 views

regex: heap overflow in regcomp() on 32-bit architectures

A heap buffer overflow flaw was found in the regcomp function of Henry Spencer's regular expression library. An attacker able to make an application process a specially crafted regular expression pattern with the regcomp function could cause that application to crash and possibly execute arbitrar...

6.8 CVSS | 7.1 AI score | 0.0837 EPSS
Exploits: 1 | References: 4
Amazon
added 2015/05/14 12:0 a.m., 45 views

Medium: php

Issue Overview: Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library aka rxspencer alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression...

6.8 CVSS | 8.5 AI score | 0.0837 EPSS
Exploits: 1
Tenable Nessus
added 2015/05/13 12:0 a.m., 33 views

Fedora 20 : clamav-0.98.7-1.fc20 (2015-7378)

ClamAV 0.98.7: This release contains new scanning features and bug fixes. - Improvements to PDF processing: decryption, escape sequence handling, and file property collection. - Scanning/analysis of additional Microsoft Office 2003 XML format. - Fix infinite loop condition on crafted...

6.8 CVSS | 6.9 AI score | 0.0837 EPSS
Exploits: 1 | References: 9