Total
301 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-36053 | 4 Debian, Djangoproject, Fedoraproject and 1 more | 8 Debian Linux, Django, Fedora and 5 more | 2024-11-21 | 7.5 High |
| In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs. | ||||
| CVE-2023-34104 | 2 Fast-xml-parser Project, Redhat | 2 Fast-xml-parser, Migration Toolkit Applications | 2024-11-21 | 7.5 High |
| fast-xml-parser is an open source, pure javascript xml parser. fast-xml-parser allows special characters in entity names, which are not escaped or sanitized. Since the entity name is used for creating a regex for searching and replacing entities in the XML body, an attacker can abuse it for denial of service (DoS) attacks. By crafting an entity name that results in an intentionally bad performing regex and utilizing it in the entity replacement step of the parser, this can cause the parser to stall for an indefinite amount of time. This problem has been resolved in v4.2.4. Users are advised to upgrade. Users unable to upgrade should avoid using DOCTYPE parsing by setting the `processEntities: false` option. | ||||
| CVE-2023-33950 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | 6.5 Medium |
| Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote attackers to consume an excessive amount of server resources via crafted request URLs. | ||||
| CVE-2023-31606 | 1 Promptworks | 1 Redcloth | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDoS) issue was discovered in the sanitize_html function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | ||||
| CVE-2023-29486 | 3 Apple, Heimdalsecurity, Microsoft | 3 Macos, Thor, Windows | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Heimdal Thor agent versions 3.4.2 and before 3.7.0 on Windows, allows attackers to bypass USB access restrictions, execute arbitrary code, and obtain sensitive information via Next-Gen Antivirus component. NOTE: Heimdal argues that the limitation described here is a Microsoft Windows issue, not a Heimdal specific vulnerability. The USB control solution by Heimdal is meant to manage Microsoft Windows native USB restrictions. They maintain that their solution functions as a management layer over Windows settings and is not to blame for limitations in Windows' detection capabilities. | ||||
| CVE-2023-22799 | 2 Redhat, Rubyonrails | 2 Satellite, Globalid | 2024-11-21 | 7.5 High |
| A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately. | ||||
| CVE-2023-22795 | 4 Debian, Redhat, Ruby-lang and 1 more | 4 Debian Linux, Satellite, Ruby and 1 more | 2024-11-21 | 7.5 High |
| A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. | ||||
| CVE-2023-0632 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible by using crafted payloads to search Harbor Registry. | ||||
| CVE-2022-4891 | 1 Libsisimai | 1 Sisimai | 2024-11-21 | 3.5 Low |
| A vulnerability has been found in Sisimai up to 4.25.14p11 and classified as problematic. This vulnerability affects the function to_plain of the file lib/sisimai/string.rb. The manipulation leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be used. Upgrading to version 4.25.14p12 is able to address this issue. The name of the patch is 51fe2e6521c9c02b421b383943dc9e4bbbe65d4e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218452. | ||||
| CVE-2022-4131 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in how the application parses user agents. | ||||
| CVE-2022-42969 | 1 Pytest | 1 Py | 2024-11-21 | 5.3 Medium |
| The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as not being reproduceable and they argue this is not a valid vulnerability. | ||||
| CVE-2022-42965 | 1 Snowflake | 1 Snowflake-connector-python | 2024-11-21 | 3.7 Low |
| An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the undocumented get_file_transfer_type method | ||||
| CVE-2022-42124 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | 7.5 High |
| ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 through 7.4.3.4 and Liferay DXP 7.2 fix pack 9 through fix pack 18, 7.3 before update 4, and DXP 7.4 GA allows remote attackers to consume an excessive amount of server resources via a crafted payload injected into the 'name' field of a layout prototype. | ||||
| CVE-2022-40897 | 2 Python, Redhat | 7 Setuptools, Enterprise Linux, Rhel Aus and 4 more | 2024-11-21 | 5.9 Medium |
| Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py. | ||||
| CVE-2022-40023 | 3 Debian, Redhat, Sqlalchemy | 3 Debian Linux, Enterprise Linux, Mako | 2024-11-21 | 7.5 High |
| Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin. | ||||
| CVE-2022-3517 | 4 Debian, Fedoraproject, Minimatch Project and 1 more | 9 Debian Linux, Fedora, Minimatch and 6 more | 2024-11-21 | 7.5 High |
| A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service. | ||||
| CVE-2022-3514 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in the submodule URL parser. | ||||
| CVE-2022-39280 | 1 Pyup | 1 Dependency Parser | 2024-11-21 | 5.9 Medium |
| dparse is a parser for Python dependency files. dparse in versions before 0.5.2 contain a regular expression that is vulnerable to a Regular Expression Denial of Service. All the users parsing index server URLs with dparse are impacted by this vulnerability. A patch has been applied in version `0.5.2`, all the users are advised to upgrade to `0.5.2` as soon as possible. Users unable to upgrade should avoid passing index server URLs in the source file to be parsed. | ||||
| CVE-2022-37734 | 2 Graphql-java Project, Redhat | 4 Graphql-java, Openshift Application Runtimes, Quarkus and 1 more | 2024-11-21 | 7.5 High |
| graphql-java before19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, and 17.4, and 0.0.0-2022-07-26T05-45-04-226aabd9. | ||||
| CVE-2022-37620 | 1 Html-minifier Project | 1 Html-minifier | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 via the candidate variable in htmlminifier.js. | ||||