3332 matches found
CVE-2024-4067
The NPM package micromatch prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in micromatch.braces in index.js because the pattern .* will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the...
CVE-2024-4067 Regular Expression Denial of Service in micromatch
The NPM package micromatch prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in micromatch.braces in index.js because the pattern .* will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the...
CVE-2024-4067
CVE-2024-4067 affects the NPM package micromatch prior to 4.0.8. The vulnerability is in micromatch.braces() in index.js, where the pattern .* can cause extreme backtracking (ReDoS) as input grows, leading to hangs or slowdowns. A fix was merged and the issue is noted as mitigated by upgrading to...
RHEL 8 : nodejs-ssri (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode (CVE-2021-27290) Note that Nessus...
RHEL 7 : loader-utils (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - loader-utils: prototype pollution in function parseQuery in parseQuery.js (CVE-2022-37601) - A Regular...
RHEL 6 : python-jinja2 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-jinja2: Sandbox escape due to information disclosure via str.format (CVE-2016-10745) - This affects...
Regular Expression Denial Of Service (ReDoS)
s3-url-parser is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to a regex with inefficient complexity, allowing an attacker to craft long S3 URLs that trigger excessive resource consumption, leading to denial of service...
GitLab < 16.9.7 / 16.10 < 16.10.5 / 16.11 < 16.11.2 (CVE-2024-2651)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. It was possible for...
GitLab 15.11 < 16.9.7 / 16.10 < 16.10.5 / 16.11 < 16.11.2 (CVE-2024-2454)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. The pins endpoi...
Updated php-tcpdf packages fix security vulnerability
TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color. CVE-2024-22640...
MGASA-2024-0169 Updated php-tcpdf packages fix security vulnerability
TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color. CVE-2024-22640...
FreeBSD : Gitlab -- vulnerabilities (fbc2c629-0dc5-11ef-9850-001b217b3468)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the fbc2c629-0dc5-11ef-9850-001b217b3468 advisory. - Gitlab reports: ReDoS in branch search when using wildcards; ReDoS in markdown render pipelin...
Gitlab -- vulnerabilities
Gitlab reports: ReDoS in branch search when using wildcards; ReDoS in markdown render pipeline; ReDoS on Discord integrations; ReDoS on Google Chat Integration; Denial of Service Attack via Pin Menu; DoS by filtering tags and branches via the API; MR approval via CSRF in SAML SSO; Banned user from group...
GLSA-202405-10 : Setuptools: Denial of Service
The remote host is affected by the vulnerability described in GLSA-202405-10 (Setuptools: Denial of Service) - Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular...
Fedora 38 : ruby (2024-48bdd3abbf)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-48bdd3abbf advisory. Upgrade to Ruby 3.2.4. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Fedora 39 : ruby (2024-31cac8b8ec)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-31cac8b8ec advisory. Upgrade to Ruby 3.2.4. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Fedora 40 : php-tcpdf (2024-27eafd0e65)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-27eafd0e65 advisory. Version 6.7.5 2024-04-20 - Update GitHub actions - fix: CSV-2024-22640 712 Tenable has extracted the preceding description block directly from the...
[SECURITY] [DLA 3800-1] ruby-rack security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3800-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk April 29, 2024 https://wiki.debian.org/LTS -...
Fedora 37 : yarnpkg (2023-8d4b772755)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-8d4b772755 advisory. Update to 1.22.19. Backport patch for CVE-2021-35065 for bundled glob-parent. Tenable has extracted the preceding description block directly from th...
RHEL 8 : Satellite 6.14 (RHSA-2023:6818)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6818 advisory. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring...