Lucene search
K

105 matches found

ATTACKERKB
ATTACKERKB
added 2021/03/12 3:8 p.m.2 views

CVE-2021-23354

The package printf before 0.6.1 are vulnerable to Regular Expression Denial of Service ReDoS via the regex string /%?:\w.+|1-9\d$?0 +-\|\d+?.?|\d+?hlL?%bscdeEfFgGioOuxX/g in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity...

7.5CVSS5.3AI score0.02176EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2020/07/01 12:0 a.m.2 views

PT-2020-18334 · Github +4 · Github Flavored Markdown +4

Name of the Vulnerable Software and Affected Versions: GitHub Flavored Markdown versions prior to 0.29.0.gfm.1 Description: The issue is related to the time complexity of parsing certain markdown tables, which can take On n time. An attacker could craft a markdown table to cause a denial of...

6.5CVSS6.1AI score0.01566EPSS
Exploits0References27
UbuntuCve
UbuntuCve
added 2020/03/06 8:15 p.m.24 views

CVE-2020-7212

The encodeinvalidchars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service CPU consumption because of an inefficient algorithm. The percentencodings array contains all matches of percent encodings. It is not deduplicated. For a URL of length ...

7.8CVSS7AI score0.03288EPSS
Exploits0References5
OSV
OSV
added 2020/02/20 11:26 p.m.19 views

GHSA-CMCX-XHR8-3W9P Denial of Service in uap-core when processing crafted User-Agent strings

Impact Some regexes are vulnerable to regular expression denial of service REDoS due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTPS request to maliciously crafted long strings. Patches Please update uap-core to gt;=...

5.7CVSS7.3AI score0.02261EPSS
Exploits1References5
Hacker One
Hacker One
added 2019/04/19 8:0 p.m.67 views

Dropbox: Algorithmic complexity vulnerability in ZXCVBN leads to remote denial of service attack

@davidrenardy discovered that the ZXCVBN algorithm is quadratic in time complexity, which implies that the user can submit an arbitrarily long password to the library, leading to a potential denial of service attack if performed at scale. Given how ZXCVBN is used at Dropbox, we accept the Denial ...

2.7AI score
Exploits0
Rows per page
Query Builder