3333 matches found

Tenable Nessus
added 2024/01/16 12:0 a.m., 27 views

EulerOS 2.0 SP11 : ruby (EulerOS-SA-2023-2708)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific...

CVSS 5.3, AI score 8, EPSS 0.02637
Exploits: 0, References: 3

Tenable Nessus
added 2024/01/16 12:0 a.m., 30 views

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2023-2824)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters...

CVSS 5.3, AI score 8, EPSS 0.02637
Exploits: 0, References: 2

Tenable Nessus
added 2024/01/16 12:0 a.m., 29 views

EulerOS 2.0 SP11 : ruby (EulerOS-SA-2023-2851)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters...

CVSS 5.3, AI score 8, EPSS 0.02637
Exploits: 0, References: 2

Tenable Nessus
added 2024/01/16 12:0 a.m., 34 views

EulerOS 2.0 SP10 : python-configobj (EulerOS-SA-2024-1070)

According to the versions of the python-configobj package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using...

CVSS 5.9, AI score 5.5, EPSS 0.01259
Exploits: 1, References: 2

Tenable Nessus
added 2024/01/16 12:0 a.m., 15 views

EulerOS 2.0 SP11 : python-pygments (EulerOS-SA-2023-3042)

According to the versions of the python-pygments packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer. CVE-2022-40896 Note that Tenable...

CVSS 5.5, AI score 6.3, EPSS 0.00503
Exploits: 1, References: 2

Gentoo Linux
added 2024/01/10 12:0 a.m., 15 views

RedCloth: ReDoS Vulnerability

Background: RedCloth is a module for using Textile in Ruby. Description: A vulnerability has been discovered in RedCloth. Please review the CVE identifier referenced below for details. Impact: RedCloth is vulnerable to a regular expression denial of service "ReDoS" attack via the sanitizehtml functio...

CVSS 7.5, AI score 7.2, EPSS 0.01513
Exploits: 1

Tenable Nessus
added 2024/01/10 12:0 a.m., 15 views

GLSA-202401-14 : RedCloth: ReDoS Vulnerability

The remote host is affected by the vulnerability described in GLSA-202401-14 (RedCloth: ReDoS Vulnerability) - A Regular Expression Denial of Service (ReDoS) issue was discovered in the sanitizehtml function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service (DoS)...

CVSS 7.5, AI score 7.3, EPSS 0.01513
Exploits: 1, References: 3

OpenVAS
added 2024/01/09 12:0 a.m., 9 views

Huawei EulerOS: Security Advisory for python-configobj (EulerOS-SA-2024-1070)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9, AI score 6.1, EPSS 0.01259
Exploits: 1, References: 2

OpenVAS
added 2024/01/09 12:0 a.m., 8 views

Huawei EulerOS: Security Advisory for python-configobj (EulerOS-SA-2024-1094)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9, AI score 6.1, EPSS 0.01259
Exploits: 1, References: 2

IBM Security Bulletins
added 2024/01/03 1:16 p.m., 49 views

Security Bulletin: IBM Security QRadar Analyst Workflow app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary: The product includes vulnerable components (e.g., framework libraries) that might be identified and exploited with automated tools. IBM has addressed the vulnerabilities. Vulnerability Details: CVEID: CVE-2023-29827 DESCRIPTION: Node.js ejs module could allow a remote authenticated attacker t...

CVSS 9.8, AI score 9.6, EPSS 0.14663
Exploits: 14, Affected Software: 1

NVD
added 2023/12/20 2:15 p.m., 26 views

CVE-2023-50249

Sentry-Javascript is official Sentry SDKs for JavaScript. A ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry's Astro SDK 7.78.0-7.86.0. Under certain conditions, this vulnerability allows an attacker to cause excessive computation times on the server, leading...

CVSS 7.5, EPSS 0.00785
Exploits: 0, References: 3

Prion
added 2023/12/20 2:15 p.m., 9 views

Design/Logic Flaw

Sentry-Javascript is official Sentry SDKs for JavaScript. A ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry's Astro SDK 7.78.0-7.86.0. Under certain conditions, this vulnerability allows an attacker to cause excessive computation times on the server, leading...

CVSS 5, AI score 6.9, EPSS 0.00785
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2023/12/20 1:53 p.m., 50 views

CVE-2023-50249

CVE-2023-50249 affects Sentry-Javascript’s Astro SDK, with a ReDoS vulnerability in versions 7.78.0–7.86.0 due to dynamic regular expressions created for user-submitted URL parameters (e.g., in middleware.ts), enabling excessive server computation and DoS under certain conditions. The issue has ...

CVSS 7.5, AI score 7.3, EPSS 0.00785
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2023/12/20 1:53 p.m., 35 views

CVE-2023-50249 Sentry's Astro SDK vulnerable to ReDoS

Sentry-Javascript is official Sentry SDKs for JavaScript. A ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry's Astro SDK 7.78.0-7.86.0. Under certain conditions, this vulnerability allows an attacker to cause excessive computation times on the server, leading...

CVSS 7.5, AI score 7.5, EPSS 0.00785
Exploits: 0, References: 3

OSV
added 2023/12/20 1:53 p.m., 29 views

CVE-2023-50249 Sentry's Astro SDK vulnerable to ReDoS

Sentry-Javascript is official Sentry SDKs for JavaScript. A ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry's Astro SDK 7.78.0-7.86.0. Under certain conditions, this vulnerability allows an attacker to cause excessive computation times on the server, leading...

CVSS 7.5, AI score 7.3, EPSS 0.00785
Exploits: 0, References: 5

Github Security Blog
added 2023/12/18 8:0 p.m., 16 views

Sentry's Astro SDK vulnerable to ReDoS

Impact: A ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry's Astro SDK 7.78.0-7.86.0. Under certain conditions, this vulnerability allows an attacker to cause excessive computation times on the server, leading to denial of service (DoS). Applications that are...

CVSS 7.5, AI score 6.8, EPSS 0.00785
Exploits: 0, References: 7, Affected Software: 1

OSV
added 2023/12/18 8:0 p.m., 12 views

GHSA-X3V3-8XG8-8V72 Sentry's Astro SDK vulnerable to ReDoS

Impact: A ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry's Astro SDK 7.78.0-7.86.0. Under certain conditions, this vulnerability allows an attacker to cause excessive computation times on the server, leading to denial of service (DoS). Applications that are...

CVSS 7.5, AI score 7.4, EPSS 0.00785
Exploits: 0, References: 7

RedhatCVE
added 2023/12/14 4:14 p.m., 37 views

CVE-2023-48631

A Regular Expression Denial of Service (ReDoS) vulnerability was found in Adobe's css-tools when parsing CSS. This issue occurs due to improper input validation and may allow an attacker to use a carefully crafted input string to cause a denial of service, especially when attempting to parse CSS...

CVSS 7.5, AI score 5.3, EPSS 0.01121
Exploits: 0, References: 4

Tenable Nessus
added 2023/12/07 12:0 a.m., 29 views

GitLab 16.5 < 16.5.3 / 16.6 < 16.6.1 (CVE-2023-6396)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Gitlab reports: XSS and ReDoS in Markdown via Banzai pipeline of Jira Members with admingroupmember custom permission can add members with higher role Release Description visible in public projects...

CVSS 6.5, AI score 6.5, EPSS 0.00497
Exploits: 0, References: 3

IBM Security Bulletins
added 2023/12/04 10:40 a.m., 24 views

Security Bulletin: IBM Cinder plug-in is affected by a vulnerability in the Python Pygments-2.14.0 package [CVE-2022-40896]

Summary: The Python Pygments package, a syntax highlighting package, is used by IBM Cinder plug-in. Pygments-2.14.0 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expressions in SqlJinjaLexer class (vulnerability CVE-2022-40896). Vulnerability Detail...

CVSS 5.5, AI score 5.6, EPSS 0.00503
Exploits: 1, Affected Software: 1