rubygem-actionpack: Denial of Service in Action Dispatch
A flaw was found in the rubygem-actionpack. RubyGem's actionpack gem is vulnerable to a denial of service caused by a regular expression denial of service (ReDoS) flaw in the Action Dispatch module. By sending specially-crafted cookies with an X_FORWARDED_HOST header, a remote attacker could exploit...
Rocky Linux 8 : python-jinja2 (RLSA-2021:4161)
The remote Rocky Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2021:4161 advisory. - This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the _punctuation_re regex operator and its use of multiple...
Rocky Linux 8 : ruby:2.6 (RLSA-2022:0543)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0543 advisory. - Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that...
Fedora 39 : magicmirror (2023-3a06c965b4)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-3a06c965b4 advisory. Automatic update for magicmirror-2.24.0-1.fc39. Changelog Sun Jul 9 2023 Davide Cavalca - 2.24.0-1 - Update to 2.24.0; Fixes: RHBZ2184597,...
Fedora 39 : icecat (2023-035866b576)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-035866b576 advisory. - Release 115.3.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...
Fedora 39 : python-configobj (2023-64b2965699)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-64b2965699 advisory. Fixes an issue in configobj: CVE-2023-26112 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...
Rocky Linux 9 : nodejs:18 (RLSA-2022:8832)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:8832 advisory. - A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand functio...
Rocky Linux 8 : resource-agents (RLSA-2021:4139)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4139 advisory. - An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML SML...
Puppet Enterprise 2021.7.1 / 2023.0 DoS
A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations. Note that Nessus has not tested for this issue but has instead relied only on t...
Huawei EulerOS: Security Advisory for python-pygments (EulerOS-SA-2023-3019)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for python-pygments (EulerOS-SA-2023-3042)
The remote host is missing an update for the Huawei EulerOS...
Regular Expression Denial Of Service (ReDoS)
Django is vulnerable to Regular Expression Denial Of Service. The vulnerability is due to the chars and words functions in text.py as there is no proper limiting or optimization while using regular expressions to parse and truncate input text. This allows an attacker to craft very long or...
Inefficient Regular Expression Complexity in node-email-check
ReDos in NPMJS Node Email Check v.1.0.4 allows an attacker to cause a denial of service via a crafted string to the scpSyntax component...
Updated python-nltk package fixes a security vulnerability
python-nltk 3.6.6 update resolves ReDoS opportunity by fixing incorrectly specified regex...
CVE-2023-39619
ReDos in NPMJS Node Email Check v.1.0.4 allows an attacker to cause a denial of service via a crafted string to the scpSyntax component...
Code injection
ReDos in NPMJS Node Email Check v.1.0.4 allows an attacker to cause a denial of service via a crafted string to the scpSyntax component...
SUSE: Security Advisory (SUSE-SU-2023:4176-1)
The remote host is missing an update for the...
SUSE SLED15: libruby2_5-2_5 / ruby2.5 / ruby2.5-devel / ruby2.5-devel-extra / etc (SUSE-SU-2023:4176-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4176-1 advisory. - CVE-2023-28755: Fixed a ReDoS vulnerability in URI. bsc1209891 - CVE-2023-28756: Fixed an...
SUSE-SU-2023:4176-1 Security update for ruby2.5
This update for ruby2.5 fixes the following issues: - CVE-2023-28755: Fixed a ReDoS vulnerability in URI. bsc1209891 - CVE-2023-28756: Fixed an expensive regexp in the RFC2822 time parser. bsc1209967 - CVE-2021-41817: Fixed a Regular Expression Denial of Service Vulnerability of Date Parsing...