3332 matches found

Tenable Nessus
added 2024/04/28 12:0 a.m. · 33 views

RHEL 7 / 8 : Red Hat Ansible Automation Platform 1.2.2 (RHSA-2021:0781)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0781 advisory. Red Hat Ansible Automation Platform integrates Red Hat's automation suite consisting of Red Hat Ansible Tower, Red Hat Ansible Engine,...

CVSS 7.5 · AI score 7.5 · EPSS 0.07605
Exploits 3 · References 13

FreeBSD
added 2024/04/24 12:0 a.m. · 37 views

Gitlab -- vulnerabilities

Gitlab reports: GitLab account takeover, under certain conditions, when using Bitbucket as an OAuth provider; Path Traversal leads to DoS and Restricted File Read; Unauthenticated ReDoS in FileFinder when using wildcard filters in project file search; Personal Access Token scopes not honoured by...

CVSS 8.8 · AI score 7.2 · EPSS 0.25965
Exploits 2 · References 1

RedHat Linux
added 2024/04/23 5:18 p.m. · 427 views

Important: Red Hat Security Advisory: Satellite 6.15.0 release

An update is now available for Red Hat Satellite 6.15. The release contains a new version of Satellite and important security fixes for various components. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base scor...

CVSS 7.6 · AI score 6.8 · EPSS 0.76875
Exploits 23 · References 255

Veracode
added 2024/04/22 5:33 a.m. · 18 views

Regular Expression Denial Of Service (ReDoS)

tecnickcom/tcpdf is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is caused due to a lack of proper validation in a regular expression used to parse colour information from HTML in the convertHTMLColorToDec function. This can lead to excessive backtracking, resulting...

CVSS 7.5 · AI score 6.6 · EPSS 0.01325
Exploits 1 · References 6 · Affected Software 1

Tenable Nessus
added 2024/04/20 12:0 a.m. · 35 views

Fedora 38 : python-django3 (2024-84fbbbb914)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-84fbbbb914 advisory. Security fixes for - CVE-2024-27351 Potential regular expression DOS in django.utils.text.Truncator.words - CVE-2024-24680 denial-of-service in...

CVSS 7.5 · AI score 6.8 · EPSS 0.02669
Exploits 0 · References 6

OSV
added 2024/04/19 6:31 p.m. · 12 views

GHSA-MX3P-FHPW-X6RV TCPDF vulnerable to Regular Expression Denial of Service

TCPDF version = 6.7.4 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color...

CVSS 5.1 · AI score 7.2 · EPSS 0.01325
Exploits 1 · References 7

NVD
added 2024/04/19 4:15 p.m. · 11 views

CVE-2024-22640

TCPDF version =6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color...

CVSS 7.5 · AI score 6.1 · EPSS 0.01325
Exploits 1 · References 5

UbuntuCve
added 2024/04/19 4:15 p.m. · 24 views

CVE-2024-22640

TCPDF version =6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color...

CVSS 7.5 · AI score 7.1 · EPSS 0.01325
Exploits 1 · References 4

OSV
added 2024/04/19 4:15 p.m. · 0 views

UBUNTU-CVE-2024-22640

TCPDF version =6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color...

CVSS 7.5 · AI score 5.8 · EPSS 0.01325
Exploits 1 · References 5

Vulnrichment
added 2024/04/19 12:0 a.m. · 13 views

CVE-2024-22640

TCPDF version =6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color...

AI score 6.5 · EPSS 0.01325
Exploits 1 · References 3

CVE
added 2024/04/19 12:0 a.m. · 108 views

CVE-2024-22640

TCPDF (PHP class for generating PDFs) is affected by CVE-2024-22640. The root cause is a Regular Expression Denial of Service in parsing untrusted HTML when a crafted color is processed, with affected versions reported as

CVSS 7.5 · AI score 6.2 · EPSS 0.01325
Exploits 1 · References 5 · Affected Software 1

Debian CVE
added 2024/04/19 12:0 a.m. · 18 views

CVE-2024-22640

TCPDF version =6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color...

CVSS 7.5 · AI score 7.3 · EPSS 0.01325
Exploits 1

Cvelist
added 2024/04/19 12:0 a.m. · 18 views

CVE-2024-22640

TCPDF version =6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color...

AI score 6.4 · EPSS 0.01325
Exploits 1 · References 3

Positive Technologies
added 2024/04/19 12:0 a.m. · 5 views

PT-2024-19516 · Tcpdf +1 · Tcpdf +1

Name of the Vulnerable Software and Affected Versions: TCPDF versions = 6.6.5 Description: The issue concerns a ReDoS (Regular Expression Denial of Service) vulnerability that occurs when parsing an untrusted HTML page with a crafted color. This can lead to a denial of service. Recommendations: For...

CVSS 7.5 · AI score 6.8 · EPSS 0.01325
Exploits 3 · References 30

Tenable Nessus
added 2024/04/18 12:0 a.m. · 21 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : ruby Vulnerability (NS-SA-2024-0012)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ruby packages installed that are affected by a vulnerability: - A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. ...

CVSS 5.3 · AI score 7.9 · EPSS 0.02452
Exploits 0 · References 3

Veracode
added 2024/04/16 8:53 a.m. · 22 views

Regular Expression Denial Of Service (ReDoS)

pydantic is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability is due to a regex with inefficient complexity in networks.py, which allows an attacker to cause excessive computation time via a crafted email string...

CVSS 5.9 · AI score 6.6 · EPSS 0.00949
Exploits 1 · References 5 · Affected Software 1

Mageia
added 2024/04/12 8:45 p.m. · 65 views

Updated ruby-rack packages fix security vulnerabilities

Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). CVE-2024-25126 Carefully crafted Range headers can cause a server to respond with an unexpectedly large...

CVSS 7.5 · AI score 7.1 · EPSS 0.35376
Exploits 2 · References 1

Tenable Nessus
added 2024/04/11 12:0 a.m. · 22 views

FreeBSD : Gitlab -- Patch Release: 16.10.2, 16.9.4, 16.8.6 (dad6294c-f7c1-11ee-bb77-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the dad6294c-f7c1-11ee-bb77-001b217b3468 advisory. - Gitlab reports: Stored XSS injected in diff viewer; Stored XSS via autocomplete results; Redos...

CVSS 8.7 · AI score 5.4 · EPSS 0.00601
Exploits 2 · References 6

FreeBSD
added 2024/04/10 12:0 a.m. · 26 views

Gitlab -- Patch Release: 16.10.2, 16.9.4, 16.8.6

Gitlab reports: Stored XSS injected in diff viewer; Stored XSS via autocomplete results; Redos on Integrations Chat Messages; Redos During Parse Junit Test Report...

CVSS 8.7 · AI score 6 · EPSS 0.00601
Exploits 2 · References 1

Tenable Nessus
added 2024/04/08 12:0 a.m. · 21 views

EulerOS 2.0 SP9 : python-configobj (EulerOS-SA-2024-1514)

According to the versions of the python-configobj package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using...

CVSS 5.9 · AI score 5.5 · EPSS 0.01259
Exploits 1 · References 2