3333 matches found

CVE
added 2023/07/19 12:00 a.m., 513 views

CVE-2022-40896

CVE-2022-40896 : A ReDoS in Pygments’ SmithyLexer (pygments/lexers/smithy.py) affects pygments up to version 2.15.0. Exploitation could cause a denial of service via crafted Smithy inputs. Connected sources confirm the issue and attribution but do not specify a fixed patch/version. Remediation: u...

CVSS 5.5 | AI score 5.5 | EPSS 0.00503
Exploits 1 | References 7 | Affected Software 1
Tenable Nessus
added 2023/07/18 12:00 a.m., 41 views

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2023-2392)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific...

CVSS 5.3 | AI score 7.9 | EPSS 0.02637
Exploits 0 | References 2
BDU FSTEC
added 2023/07/18 12:00 a.m., 7 views

The vulnerability of the Podman software for managing and running OCI containers on operating systems such as Red Hat Enterprise Linux, RedOS, and the corporate platform Red Hat OpenShift Container Platform allows attackers to circumvent security restrictions and gain increased privileges.

The vulnerability of the Podman software for managing and running OCI containers on Red Hat Enterprise Linux, RedOS, and the Red Hat OpenShift Container Platform operating systems is related to errors in the use of standard permissions. Exploiting this vulnerability allows a malicious actor to...

CVSS 7.5 | AI score 6.5 | EPSS 0.02067
Exploits 1 | References 8 | Affected Software 5
OpenVAS
added 2023/07/18 12:00 a.m., 10 views

Debian: Security Advisory (DLA-3480-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.6 | EPSS 0.01513
Exploits 1 | References 4
Tenable Nessus
added 2023/07/18 12:00 a.m., 31 views

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2023-2366)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific...

CVSS 5.3 | AI score 7.9 | EPSS 0.02637
Exploits 0 | References 2
Tenable Nessus
added 2023/07/18 12:00 a.m., 11 views

Debian dla-3480 : ruby-redcloth - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3480 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3480-1 [email protected] https://www.debian.org/lts/security/...

CVSS 7.5 | AI score 7.2 | EPSS 0.01513
Exploits 1 | References 4
Hacker One
added 2023/07/17 5:09 a.m., 83 views

Internet Bug Bounty: CVE-2023-36617: ReDoS vulnerability in URI (Ruby)

A ReDoS vulnerability was discovered in the URI component of the Ruby uri gem versions 0.12.1 and earlier. The vulnerability allowed for the mishandling of invalid URLs with specific characters, resulting in an increase in execution time for parsing strings to URI objects. This issue was a result...

CVSS 5.3 | AI score 7.2 | EPSS 0.02637
Exploits 0
OpenVAS
added 2023/07/17 12:00 a.m., 25 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2023-2392)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.3 | AI score 6.1 | EPSS 0.02637
Exploits 0 | References 2
OpenVAS
added 2023/07/17 12:00 a.m., 21 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2023-2366)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.3 | AI score 6.1 | EPSS 0.02637
Exploits 0 | References 2
OSV
added 2023/07/15 11:05 a.m., 2 views

OESA-2023-1427 ruby security update

Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text files and performing system management tasks, like Perl. Security Fixes: A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser...

CVSS 5.3 | AI score 7 | EPSS 0.01533
Exploits 0 | References 2
Tenable Nessus
added 2023/07/15 12:00 a.m., 31 views

openSUSE 15 Security Update : python-Django (SUSE-SU-2023:2839-1)

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2839-1 advisory. - CVE-2023-31047: Fixed a potential bypass of validation when uploading multiple files using one form field bsc1210866. - CVE-2023-36053: Fixed...

CVSS 9.8 | AI score 6.9 | EPSS 0.02669
Exploits 0 | References 7
Veracode
added 2023/07/14 8:46 a.m., 11 views

Regular Expression Denial Of Service (ReDoS)

apache-airflow is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability exists in the partial_subset function in dag.py because user-supplied regexes are not validated efficiently, which allows an attacker to send crafted input causing an application crash...

CVSS 6.5 | AI score 6.6 | EPSS 0.01157
Exploits 0 | References 5 | Affected Software 1
RedhatCVE
added 2023/07/13 11:36 a.m., 41 views

CVE-2023-36617

A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time when parsing strings into URI objects. This issue may result in a regular expression denial of service (ReDoS)...

CVSS 5.3 | AI score 6.8 | EPSS 0.02637
Exploits 0 | References 4
Hacker One
added 2023/07/13 3:44 a.m., 30 views

Internet Bug Bounty: Regular Expression Denial of Service (ReDoS) Vulnerability before 2.6.3

A vulnerability was found in Apache Airflow versions before 2.6.3, allowing an authenticated user to exploit crafted input and cause the current request to hang, resulting in a denial of service...

AI score 6.8
Exploits 0
Tenable Nessus
added 2023/07/13 12:00 a.m., 31 views

openSUSE 15 Security Update : python-Django1 (openSUSE-SU-2023:0177-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2023:0177-1 advisory. - In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS regular expression...

CVSS 7.5 | AI score 7.5 | EPSS 0.02669
Exploits 0 | References 4
Tenable Nessus
added 2023/07/13 12:00 a.m., 31 views

Oracle Linux 8 : ruby:2.7 (ELSA-2023-3821)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-3821 advisory. - Fix HTTP response splitting in CGI. Resolves: CVE-2021-33621 - Fix ReDoS vulnerability in URI. Resolves: CVE-2023-28755 - Fix ReDoS vulnerability in...

CVSS 8.8 | AI score 7.8 | EPSS 0.02637
Exploits 1 | References 4
Tenable Nessus
added 2023/07/13 12:00 a.m., 32 views

openSUSE 15 Security Update : python-Django1 (openSUSE-SU-2023:0176-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2023:0176-1 advisory. - In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS regular expression...

CVSS 7.5 | AI score 7.5 | EPSS 0.02669
Exploits 0 | References 4
Cvelist
added 2023/07/12 9:17 a.m., 19 views

CVE-2023-36543 Apache Airflow: ReDoS via dags function

Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected...

AI score 6.5 | EPSS 0.01157
Exploits 0 | References 2
Vulnrichment
added 2023/07/12 9:17 a.m., 15 views

CVE-2023-36543 Apache Airflow: ReDoS via dags function

Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected...

AI score 6.5 | EPSS 0.01157
Exploits 0 | References 2
Tenable Nessus
added 2023/07/12 12:00 a.m., 30 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 : Ruby vulnerabilities (USN-6219-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6219-1 advisory. It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use...

CVSS 5.3 | AI score 7.7 | EPSS 0.02637
Exploits 0 | References 3