CVE-2023-39619
Summary: CVE-2023-39619 affects the Node Email Check package on NPM. The issue is a ReDoS vulnerability in the scpSyntax component of node-email-check version 1.0.4, allowing an attacker to cause denial of service through a crafted string. The available connected sources corroborate this descript...
CVE-2023-39619
ReDoS in NPMJS Node Email Check v.1.0.4 allows an attacker to cause a denial of service via a crafted string to the scpSyntax component...
Ubuntu 16.04 ESM : semver vulnerability (USN-4776-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-4776-1 advisory. It was discovered that semver incorrectly handled certain inputs. A remote attacker could possibly use this issue to cause a denial of service. Tenable has...
Fedora 37 : python-asgiref / python-django (2023-9d36d373f1)
The remote Fedora 37 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-9d36d373f1 advisory. Security fix for CVE-2023-43665, CVE-2023-41164, and CVE-2023-36053. Tenable has extracted the preceding description block directly from the Fedora...
Updated ruby-RedCloth packages fix a security vulnerability
A Regular Expression Denial of Service (ReDoS) issue was discovered in the sanitizehtml function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. CVE-2023-31606...
Ubuntu 16.04 ESM : minimatch vulnerability (USN-4783-1)
The remote Ubuntu 16.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-4783-1 advisory. It was discovered that minimatch did not perform necessary bounds checking on regular expressions. An attacker could use this vulnerability to cause a denial of...
Fedora 38 : python-configobj (2023-27b41bb133)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-27b41bb133 advisory. Fixes an issue in configobj: CVE-2023-26112. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...
Fedora 38 : icecat (2023-7342330743)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-7342330743 advisory. - Release 115.3.1. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...
Fedora 37 : python-configobj (2023-62baa45349)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-62baa45349 advisory. Fixes an issue in configobj: CVE-2023-26112. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...
Fedora 38 : python-asgiref / python-django (2023-cc023fabb7)
The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-cc023fabb7 advisory. Security fix for CVE-2023-43665, CVE-2023-41164, and CVE-2023-36053. Tenable has extracted the preceding description block directly from the Fedora...
Regular Expression Denial Of Service (ReDoS)
gitlab is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability arises from insecure regex patterns used in the library, enabling an attacker to crash the application by sending maliciously crafted payloads that use ProjectReferenceFilter to the previewmarkdown endpoint...
Regular Expression Denial Of Service (ReDoS)
zod is vulnerable to Denial of Service (DoS). The vulnerability is due to an inefficient regex expression that parses email addresses. An attacker can submit long email addresses, which will cause the Zod application to crash or become unresponsive...
Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to denial of service due to AngularJS (CVE-2022-25844)
Summary: AngularJS is shipped with IBM Tivoli Netcool Impact as part of its UI framework. Information about a security vulnerability affecting AngularJS has been published in a security bulletin. Vulnerability Details: CVEID: CVE-2022-25844. DESCRIPTION: Node.js Angular module is vulnerable to a deni...
TeamCity Server < 2023.05.2 Multiple Vulnerabilities
According to its self-reported version number, the version of JetBrains TeamCity running on the remote host is a version prior to 2023.05.2. It is, therefore, affected by multiple vulnerabilities: - In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain...
CVE-2023-43646
A vulnerability was found in the get-func-name package in the chai module. Affected versions of this package are vulnerable to Regular expression denial of service (ReDoS) attacks, affecting system availability...
Oracle Linux 8 : nodejs:16 (ELSA-2023-5360)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-5360 advisory. - Rebase to 16.20.2 Resolves: rhbz2231866 Resolves: CVE-2023-32002 CVE-2023-32006 CVE-2023-32559 nodejs-nodemon - Rebase to 3.0.1 Resolves:...
Oracle Linux 8 : nodejs:18 (ELSA-2023-5362)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-5362 advisory. - Rebase to version 18.17.1 Resolves: rhbz2228939 Resolves: CVE-2023-32002 CVE-2023-32006 CVE-2023-32559. Tenable has extracted the preceding descriptio...
Chaijs/get-func-name vulnerable to ReDoS
The current regex implementation for parsing values in the module is susceptible to excessive backtracking, leading to potential DoS attacks. The regex implementation in question is as follows: js const functionNameMatch = /\sfunction?:\s|\s/^?:/+\/\s^\s/+/; This vulnerability can be exploited...
Input validation
get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service (ReDoS) vulnerability which may lead to a denial of service when parsing malicious input. This vulnerabilit...