
124 matches found

OSV
added 2021/09/02 8:11 a.m., 7 views

OPENSUSE-SU-2021:2923-1 Security update for xen

This update for xen fixes the following issues: Update to Xen 4.13.3 general bug fix release (bsc#1027519). Security issues fixed: - CVE-2021-28693: xen/arm: Boot modules are not scrubbed (bsc#1186428) - CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling (bsc#1186429) - CVE-2021-008...

7.8 CVSS, 6.2 AI score, 0.0187 EPSS
Exploits 0, References 30

OSV
added 2021/09/02 8:11 a.m., 10 views

SUSE-SU-2021:2923-1 Security update for xen

This update for xen fixes the following issues: Update to Xen 4.13.3 general bug fix release (bsc#1027519). Security issues fixed: - CVE-2021-28693: xen/arm: Boot modules are not scrubbed (bsc#1186428) - CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling (bsc#1186429) - CVE-2021-008...

7.8 CVSS, 6.4 AI score, 0.0187 EPSS
Exploits 0, References 30

OSV
added 2021/09/02 8:10 a.m., 5 views

SUSE-SU-2021:2922-1 Security update for xen

This update for xen fixes the following issues: Update to Xen 4.13.3 general bug fix release (bsc#1027519). Security issues fixed: - CVE-2021-28693: xen/arm: Boot modules are not scrubbed (bsc#1186428) - CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling (bsc#1186429) - CVE-2021-008...

7.8 CVSS, 6.2 AI score, 0.0187 EPSS
Exploits 0, References 32

OSV
added 2021/08/27 7:15 p.m., 4 views

ALPINE-CVE-2021-28700

xen/arm: No memory limit for dom0less domUs. The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit for them is not set. This allows a domain to allocate memory beyond what an administrator originally configured...

4.9 CVSS, 6.9 AI score, 0.0187 EPSS
Exploits 0, References 1

RedHat Linux
added 2021/08/24 1:6 p.m., 4 views

python-jinja2: ReDoS vulnerability in the urlize filter

A flaw was found in python-jinja2. The ReDoS vulnerability of the regex is mainly due to the sub-pattern [a-zA-Z0-9._-]+.[a-zA-Z0-9._-]+. This issue can be mitigated by using Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory...

5.3 CVSS, 7.2 AI score, 0.03546 EPSS
Exploits 1, References 4

RedHat Linux
added 2021/08/24 12:50 p.m., 9 views

python-jinja2: ReDoS vulnerability in the urlize filter

A flaw was found in python-jinja2. The ReDoS vulnerability of the regex is mainly due to the sub-pattern [a-zA-Z0-9._-]+.[a-zA-Z0-9._-]+. This issue can be mitigated by using Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory...

5.3 CVSS, 7.2 AI score, 0.03546 EPSS
Exploits 1, References 4

BDU FSTEC
added 2021/07/02 12:0 a.m., 7 views

The vulnerability of the xz_head function in the xzlib.c component of the Libxml2 library, related to a lack of resource allocation mechanism, allows attackers to cause service failures.

The vulnerability of the xz_head function in the xzlib.c component of the Libxml2 library is related to the lack of memory constraints. Exploiting this vulnerability allows a remote attacker to cause a service failure through the use of a specially created LZMA file...

6.5 CVSS, 6.6 AI score, 0.02706 EPSS
Exploits 0, References 11, Affected Software 4

RedHat Linux
added 2021/04/21 1:15 p.m., 3 views

netty: compression/decompression codecs don't enforce limits on buffer allocation sizes

A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool...

7.5 CVSS, 7.3 AI score, 0.09438 EPSS
Exploits 0, References 4

OSV
added 2021/02/01 8:15 p.m., 2 views

ALPINE-CVE-2020-28493

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the _punctuation_re regex operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to...

5.3 CVSS, 6.9 AI score, 0.03546 EPSS
Exploits 1, References 1

OSV
added 2021/02/01 8:15 p.m., 5 views

AZL-40857 CVE-2020-28493 affecting package nodejs for versions less than 20.14.0-1

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the _punctuation_re regex operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to...

5.3 CVSS, 6.7 AI score, 0.03546 EPSS
Exploits 1, References 1

OSV
added 2021/02/01 8:15 p.m., 3 views

UBUNTU-CVE-2020-28493

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the _punctuation_re regex operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to...

5.3 CVSS, 6.8 AI score, 0.03546 EPSS
Exploits 1, References 8

OSV
added 2021/02/01 8:15 p.m., 6 views

PYSEC-2021-66

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the _punctuation_re regex operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to...

5.3 CVSS, 7.2 AI score, 0.03546 EPSS
Exploits 1, References 5

CVE
added 2021/02/01 7:30 p.m., 460 views

CVE-2020-28493

CVE-2020-28493 affects jinja2 up to version 2.11.3 (inclusive of 0.0.0 to before 2.11.3). The root cause is a Denial of Service likely caused by the regex in the _punctuation_re used by the urlize filter, leading to excessive CPU on crafted input. Public documents identify this ReDoS vulnerabilit...

5.3 CVSS, 6.2 AI score, 0.03546 EPSS
Exploits 1, References 5, Affected Software 1

RedHat Linux
added 2020/12/16 12:11 p.m., 5 views

netty: compression/decompression codecs don't enforce limits on buffer allocation sizes

A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool...

7.5 CVSS, 7.3 AI score, 0.09438 EPSS
Exploits 0, References 4

RedHat Linux
added 2020/10/14 11:16 a.m., 4 views

netty: compression/decompression codecs don't enforce limits on buffer allocation sizes

A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool...

7.5 CVSS, 7.3 AI score, 0.09438 EPSS
Exploits 0, References 4

Snyk
added 2020/09/25 5:29 p.m., 2 views

Regular Expression Denial of Service (ReDoS)

Overview: Jinja2 is a template engine written in pure Python. It provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). The ReDoS vulnerability ...

7.5 CVSS, 9.3 AI score, 0.03546 EPSS
Exploits 1, References 2

RedHat Linux
added 2020/08/18 4:34 p.m., 3 views

netty: compression/decompression codecs don't enforce limits on buffer allocation sizes

A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool...

7.5 CVSS, 7.3 AI score, 0.09438 EPSS
Exploits 0, References 4

RedHat Linux
added 2020/07/29 6:6 a.m., 3 views

netty: compression/decompression codecs don't enforce limits on buffer allocation sizes

A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool...

7.5 CVSS, 7.3 AI score, 0.09438 EPSS
Exploits 0, References 4

RedHat Linux
added 2020/04/30 1:52 p.m., 3 views

netty: compression/decompression codecs don't enforce limits on buffer allocation sizes

A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool...

7.5 CVSS, 7.3 AI score, 0.09438 EPSS
Exploits 0, References 4

RedHat Linux
added 2020/04/22 12:8 p.m., 2 views

netty: compression/decompression codecs don't enforce limits on buffer allocation sizes

A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool...

7.5 CVSS, 7.3 AI score, 0.09438 EPSS
Exploits 0, References 4