Huawei EulerOS: Security Advisory for python-configobj (EulerOS-SA-2024-1493)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP9 : python-configobj (EulerOS-SA-2024-1493)

According to the versions of the python-configobj package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate function, using...

EulerOS 2.0 SP9 : python-configobj (EulerOS-SA-2024-1514)

According to the versions of the python-configobj package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate function, using...

RLSA-2024:1576 Moderate: ruby:3.1 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.1. Rocky Linux-29052 Security Fixes: ruby/cgi-gem: HTTP response...

ruby:3.1 security, bug fix, and enhancement update

An update is available for rubygem-pg, module.rubygem-mysql2, rubygem-mysql2, module.rubygem-pg. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Ruby is an...

GHSA-5PGG-2G8V-P4X9 SheetJS Regular Expression Denial of Service (ReDoS)

SheetJS Community Edition before 0.20.2 is vulnerable.to Regular Expression Denial of Service ReDoS. A non-vulnerable version cannot be found via npm, as the repository hosted on GitHub and the npm package xlsx are no longer maintained. Version 0.20.2 can be downloaded via https://cdn.sheetjs.com...

SheetJS Regular Expression Denial of Service (ReDoS)

SheetJS Community Edition before 0.20.2 is vulnerable.to Regular Expression Denial of Service ReDoS. A non-vulnerable version cannot be found via npm, as the repository hosted on GitHub and the npm package xlsx are no longer maintained. Version 0.20.2 can be downloaded via https://cdn.sheetjs.com...

CVE-2024-22363

SheetJS Community Edition before 0.20.2 is vulnerable.to Regular Expression Denial of Service ReDoS...

CVE-2024-22363

SheetJS Community Edition before 0.20.2 is vulnerable.to Regular Expression Denial of Service ReDoS...

CVE-2024-22363

SheetJS Community Edition before 0.20.2 is vulnerable.to Regular Expression Denial of Service ReDoS...

Mageia: Security Advisory (MGASA-2024-0107)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-22363

SheetJS Community Edition before 0.20.2 is vulnerable to Regular Expression Denial of Service (ReDoS) caused by an inefficient regular expression. Impact is resource exhaustion (high) as stated in the CVE entry with CVSSv3.1: 7.5 (Network attack, no user interaction, all else unchanged; availabil...

Rocky Linux 9 : ruby:3.1 (RLSA-2024:1576)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1576 advisory. - The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that...

Updated python-pygments packages fix security vulnerability

A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer...

MGASA-2024-0107 Updated python-pygments packages fix security vulnerability

A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer...

Internet Bug Bounty: [CVE-2024-26142] ReDoS vulnerability in Accept header parsing in Action Dispatch

A ReDoS vulnerability was discovered in the Accept header parsing in Action Dispatch. The vulnerability was assigned the CVE identifier CVE-2024-26142. Affected versions were 7.1.0 to 7.1.3, while versions prior to 7.1.0 and 7.1.3.1 and later were not affected. The vulnerability was reported and ...

AlmaLinux 9 : ruby:3.1 (ALSA-2024:1576)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1576 advisory. ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: ReDoS vulnerability in URI CVE-2023-28755 ruby: ReDoS vulnerability - upstream's...

Oracle Linux 9 : ruby:3.1 (ELSA-2024-1576)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1576 advisory. ruby 3.1.4-143 - Upgrade to Ruby 3.1.4. Resolves: RHEL-5586 - Fix HTTP response splitting in CGI. Resolves: RHEL-5591 - Fix ReDos vulnerability in URI...

ruby: ReDoS vulnerability in URI

A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This may result in a regular expression denial of service ReDoS...

rubygem-uri: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755

A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This issue may result in a regular expression denial of service ReDoS...