3333 matches found

Microsoft CVE
added 2023/06/26 12:00 a.m., 3 views

CVE-2022-25883

...

CVSS 7.5, AI score 7.2, EPSS 0.02761
Exploits: 1

Tenable Nessus
added 2023/06/26 12:00 a.m., 26 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-sqlparse (SUSE-SU-2023:2619-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:2619-1 advisory. - CVE-2023-30608: Fixed a Regular Expression Denial of Service (ReDoS) vulnerability (bsc1210617). Tenable ha...

CVSS 7.5, AI score 6.8, EPSS 0.0098
Exploits: 0, References: 4

Github Security Blog
added 2023/06/22 6:30 a.m., 368 views

word-wrap vulnerable to Regular Expression Denial of Service

All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable...

CVSS 7.5, AI score 7, EPSS 0.01709
Exploits: 1, References: 9, Affected Software: 1

CVE
added 2023/06/22 5:00 a.m., 295 views

CVE-2023-26115

CVE-2023-26115 affects the word-wrap package. The vulnerability is a Regular Expression Denial of Service (ReDoS) caused by an insecure regex in the result variable, affecting all versions. Public references cite a fix in word-wrap 1.2.4 (and releases tagged 1.2.4) with related discussion and a p...

CVSS 7.5, AI score 7.1, EPSS 0.01709
Exploits: 1, References: 5, Affected Software: 1

OSV
added 2023/06/21 9:30 p.m., 20 views

GHSA-FQHP-RHM6-8RRJ Withdrawn Advisory: urlnorm vulnerable to Regular Expression Denial of Service

Withdrawn Advisory: This advisory has been withdrawn because the security impact of the slow printing of URLs has been disputed. This link is maintained to preserve external references. Original Description: The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDoS)...

CVSS 7.5, AI score 7.4, EPSS 0.01212
Exploits: 1, References: 5

Github Security Blog
added 2023/06/21 9:30 p.m., 23 views

Withdrawn Advisory: urlnorm vulnerable to Regular Expression Denial of Service

Withdrawn Advisory: This advisory has been withdrawn because the security impact of the slow printing of URLs has been disputed. This link is maintained to preserve external references. Original Description: The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDoS)...

CVSS 7.5, AI score 7.4, EPSS 0.01212
Exploits: 1, References: 6, Affected Software: 1

Github Security Blog
added 2023/06/21 6:30 a.m., 51 views

semver vulnerable to Regular Expression Denial of Service

Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range...

CVSS 7.5, AI score 6.3, EPSS 0.02761
Exploits: 1, References: 16, Affected Software: 1

NVD
added 2023/06/21 5:15 a.m., 26 views

CVE-2022-25883

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range...

CVSS 7.5, AI score 7.2, EPSS 0.02761
Exploits: 1, References: 7

OSV
added 2023/06/21 5:15 a.m., 4 views

AZL-27207 CVE-2022-25883 affecting package nodejs for versions less than 16.20.1-2

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range...

CVSS 7.5, AI score 6.7, EPSS 0.02761
Exploits: 1, References: 1

UbuntuCve
added 2023/06/21 5:15 a.m., 396 views

CVE-2022-25883

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range...

CVSS 7.5, AI score 6.8, EPSS 0.02761
Exploits: 1, References: 7

Cvelist
added 2023/06/21 5:00 a.m., 35 views

CVE-2022-25883

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range...

CVSS 5.3, AI score 8.7, EPSS 0.02761
Exploits: 1, References: 6

Debian CVE
added 2023/06/21 5:00 a.m., 76 views

CVE-2022-25883

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range...

CVSS 7.5, AI score 7.2, EPSS 0.02761
Exploits: 1

Vulnrichment
added 2023/06/21 12:00 a.m., 8 views

CVE-2023-33289

The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDoS) via a crafted URL to lib.rs. NOTE: the Supplier disputes this, taking the position that "Slow printing of URLs is not a CVE."...

AI score 7.4, EPSS 0.01212
Exploits: 1, References: 4

CVE
added 2023/06/21 12:00 a.m., 46 views

CVE-2023-33289

The CVE-2023-33289 entry concerns the Rust crate urlnorm (version up to 0.1.4). A Regular Expression Denial of Service (ReDoS) is described when processing a crafted URL in lib.rs. Reported CVSS v3.1 base metrics indicate Network attack vector, low attack complexity, no privileges required, and a...

CVSS 7.5, AI score 7.4, EPSS 0.01212
Exploits: 1, References: 4, Affected Software: 1

Cvelist
added 2023/06/21 12:00 a.m., 27 views

CVE-2023-33289

The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDoS) via a crafted URL to lib.rs. NOTE: the Supplier disputes this, taking the position that "Slow printing of URLs is not a CVE."...

AI score 7.6, EPSS 0.01212
Exploits: 1, References: 4

OpenVAS
added 2023/06/21 12:00 a.m., 18 views

Debian: Security Advisory (DLA-3460-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 7.6, EPSS 0.26715
Exploits: 1, References: 4

Tenable Nessus
added 2023/06/21 12:00 a.m., 40 views

Ubuntu 23.04 : Ruby vulnerabilities (USN-6181-1)

The remote Ubuntu 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6181-1 advisory. Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications that generate HTTP responses using cgi gem. An attacker coul...

CVSS 8.8, AI score 7.9, EPSS 0.02637
Exploits: 1, References: 4

Debian
added 2023/06/20 2:20 p.m., 23 views

[SECURITY] [DLA 3460-1] python-mechanize security update

Debian LTS Advisory DLA-3460-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin June 20, 2023 https://wiki.debian.org/LTS Package : python-mechanize Version : 1:0.2.5-3+deb10u1 CVE ID : CVE-2021-32837 Erik Krogh Kristensen and Rasmus Petersen from the GitHub Securit...

CVSS 7.5, AI score 7, EPSS 0.26715
Exploits: 1

Japan Vulnerability Notes
added 2023/06/20 12:00 a.m., 41 views

JVN#70502982: SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)

Mailform Pro CGI provided by SYNCK GRAPHICA contains a Regular expression Denial-of-Service (ReDoS) vulnerability (CWE-1333). Impact: A remote attacker may be able to cause a denial-of-service (DoS). Solution: Update the Software. Update the software to the latest version according to the information...

CVSS 7.5, AI score 7.4, EPSS 0.01226
Exploits: 0

Tenable Nessus
added 2023/06/20 12:00 a.m., 15 views

Debian dla-3460 : python-clientform - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3460 advisory. Debian LTS Advisory DLA-3460-1 [email protected] https://www.debian.org/lts/security/...

CVSS 7.5, AI score 7.2, EPSS 0.26715
Exploits: 1, References: 4