Lucene search
3333 matches found

Tenable Nessus
added 2023/09/07 12:0 a.m., 46 views

Oracle Linux 8 : python38:3.8 (ELSA-2020-4641)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4641 advisory. - Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote...

CVSS 10, AI score 8.4, EPSS 0.12826
Exploits 3, References 6

OpenVAS
added 2023/09/05 12:0 a.m., 17 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2023-2708)

The remote host is missing an update for the Huawei EulerOS...

CVSS 5.3, AI score 6.2, EPSS 0.02637
Exploits 0, References 2

OpenVAS
added 2023/09/05 12:0 a.m., 23 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2023-2666)

The remote host is missing an update for the Huawei EulerOS...

CVSS 5.3, AI score 6.2, EPSS 0.02637
Exploits 0, References 2

Veracode
added 2023/09/01 4:50 p.m., 26 views

Regular Expression Denial Of Service (ReDoS)

@adobe/css-tools is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability exists in index.ts due to improper input validation, which allows an attacker to cause an application slowdown when parsing CSS...

CVSS 5.3, AI score 6.7, EPSS 0.00985
Exploits 0, References 3, Affected Software 1

OSV
added 2023/08/31 4:54 p.m., 30 views

RLSA-2023:3821 Moderate: ruby:2.7 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 2.7. BZ2189465 Security Fixes: ruby/cgi-gem: HTTP response splitting i...

CVSS 8.8, AI score 7.9, EPSS 0.02637
Exploits 1, References 5

Rockylinux
added 2023/08/31 4:54 p.m., 66 views

ruby:2.7 security, bug fix, and enhancement update

An update is available for module.rubygem-abrt, rubygem-mysql2, module.rubygem-pg, module.rubygem-bson, ruby, rubygem-bson, rubygem-pg, rubygem-mongo, module.rubygem-mysql2, rubygem-abrt, module.ruby, module.rubygem-mongo. This update affects Rocky Linux 8. A Common Vulnerability Scoring System...

CVSS 8.8, AI score 6.8, EPSS 0.02637
Exploits 1

Veracode
added 2023/08/31 7:23 a.m., 16 views

Regular Expression Denial Of Service (ReDoS)

mathjax is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability exists due to inefficient regular expression complexity in the components and markdown patterns, which allows an attacker to slow down the application if they can control the input to the MathJax.Message.Set or...

CVSS 7.5, AI score 6.8, EPSS 0.00703
Exploits 1, References 2, Affected Software 1

Tenable Nessus
added 2023/08/31 12:0 a.m., 95 views

Rocky Linux 8 : ruby:2.7 (RLSA-2023:3821)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:3821 advisory. - The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that...

CVSS 8.8, AI score 8, EPSS 0.02637
Exploits 1, References 8

Tenable Nessus
added 2023/08/31 12:0 a.m., 20 views

FreeBSD : py-pygments -- multiple DoS vulnerabilities (cdc685b5-1724-49a1-ad57-2eaab68e9cc0)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the cdc685b5-1724-49a1-ad57-2eaab68e9cc0 advisory. - An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service...

CVSS 7.5, AI score 7.5, EPSS 0.03832
Exploits 1, References 7

Tenable Nessus
added 2023/08/31 12:0 a.m., 14 views

FreeBSD : py-dparse -- REDoS vulnerability (83b29e3f-886f-439f-b9a8-72e014479ff9)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 83b29e3f-886f-439f-b9a8-72e014479ff9 advisory. - dparse is a parser for Python dependency files. dparse in versions before 0.5.2 contains a regular...

CVSS 7.5, AI score 7.2, EPSS 0.00982
Exploits 0, References 4

Github Security Blog
added 2023/08/29 11:33 p.m., 68 views

@adobe/css-tools Regular Expression Denial of Service (ReDOS) while Parsing CSS

Impact: @adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS. Patches: The issue has been resolved in 4.3.1. Workarounds: None. References: N/A...

CVSS 5.3, AI score 6.6, EPSS 0.00985
Exploits 0, References 4, Affected Software 1

OSV
added 2023/08/29 11:33 p.m., 88 views

GHSA-HPX4-R86G-5JRG @adobe/css-tools Regular Expression Denial of Service (ReDOS) while Parsing CSS

Impact: @adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS. Patches: The issue has been resolved in 4.3.1. Workarounds: None. References: N/A...

CVSS 5, AI score 5.3, EPSS 0.00985
Exploits 0, References 4

Github Security Blog
added 2023/08/29 9:30 p.m., 21 views

MathJax Regular expression Denial of Service (ReDoS)

Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk...

CVSS 7.5, AI score 7.3, EPSS 0.00703
Exploits 1, References 3, Affected Software 1

NVD
added 2023/08/29 8:15 p.m., 17 views

CVE-2023-39663

Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk...

CVSS 7.5, AI score 7.7, EPSS 0.00703
Exploits 1, References 1

Prion
added 2023/08/29 8:15 p.m., 24 views

Input validation

DISPUTED: Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk...

CVSS 5, AI score 7.6, EPSS 0.00703
Exploits 1, References 1, Affected Software 1

UbuntuCve
added 2023/08/29 8:15 p.m., 14 views

CVE-2023-39663

Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk...

CVSS 7.5, AI score 6.8, EPSS 0.00703
Exploits 1, References 2

Vulnrichment
added 2023/08/29 12:0 a.m., 11 views

CVE-2023-39663

Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk...

AI score 7.3, EPSS 0.00703
Exploits 1, References 1

CVE
added 2023/08/29 12:0 a.m., 193 views

CVE-2023-39663

CVE-2023-39663 affects MathJax up to v2.7.9. The issue is two Regular Expression Denial of Service (ReDoS) flaws in MathJax.js triggered via the components pattern and markdownPattern. The vendor disputes the risk on the basis that the regexes aren’t applied to user input. Documented impact from ...

CVSS 7.5, AI score 7.6, EPSS 0.00703
Exploits 1, References 1, Affected Software 1

Debian CVE
added 2023/08/29 12:0 a.m., 22 views

CVE-2023-39663

Removed by vendor...

CVSS 7.5, AI score 6.8, EPSS 0.00703
Exploits 1

NVD
added 2023/08/25 3:15 a.m., 35 views

CVE-2023-40599

Regular expression Denial-of-Service (ReDoS) exists in multiple add-ons for Mailform Pro CGI 4.3.1.3 and earlier, which allows a remote unauthenticated attacker to cause a denial-of-service condition. Affected add-ons are as follows: call/call.js, prefcodeadv/search.cgi, estimate/estimate.js,...

CVSS 7.5, AI score 7.5, EPSS 0.00672
Exploits 0, References 2