3333 matches found

RedHat Linux
added 2023/06/15 8:55 p.m. | 36 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.2.7 security update

Red Hat OpenShift Service Mesh 2.2.7 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References...

CVSS 7.8 | AI score 6.6 | EPSS 0.14663
Exploits 4 | References 8

Tenable Nessus
added 2023/06/13 12:00 a.m. | 15 views

EulerOS Virtualization 3.0.6.0 : python-setuptools (EulerOS-SA-2023-2246)

According to the versions of the python-setuptools packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Python Packaging Authority PyPA setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML...

CVSS 5.9 | AI score 7.1 | EPSS 0.02617
Exploits 1 | References 2

Tenable Nessus
added 2023/06/13 12:00 a.m. | 30 views

Amazon Linux 2 : ruby (ALAS-2023-2084)

The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2084 advisory. A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs...

CVSS 5.3 | AI score 7.9 | EPSS 0.02452
Exploits 0 | References 4

GitHub Security Blog
added 2023/06/12 3:30 p.m. | 25 views

git-url-parse crate vulnerable to Regular Expression Denial of Service

The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service ReDos via a crafted URL to normalizeurl in lib.rs, a similar issue to CVE-2023-32758 Python...

CVSS 7.5 | AI score 6.7 | EPSS 0.00758
Exploits 1 | References 4 | Affected Software 1

OSV
added 2023/06/12 1:15 p.m. | 6 views

CVE-2023-33290

The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service ReDos via a crafted URL to normalizeurl in lib.rs, a similar issue to CVE-2023-32758 Python...

CVSS 7.5 | AI score 7.4
Exploits 0 | References 2

Prion
added 2023/06/12 1:15 p.m. | 18 views

Code injection

The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service ReDos via a crafted URL to normalizeurl in lib.rs, a similar issue to CVE-2023-32758 Python...

CVSS 5 | AI score 7.4 | EPSS 0.01033
Exploits 1 | References 2 | Affected Software 1

CVE
added 2023/06/12 12:00 a.m. | 54 views

CVE-2023-33290

CVE-2023-33290 affects the Rust crate for parsing Git URLs, specifically the git-url-parse crate up to version 0.4.4. The vulnerability is a Regular Expression Denial of Service (ReDoS) via a crafted URL to the normalize_url function in lib.rs. This can lead to high impact on availability (Denial...

CVSS 7.5 | AI score 7.3 | EPSS 0.00758
Exploits 1 | References 2 | Affected Software 1

OpenVAS
added 2023/06/12 12:00 a.m. | 10 views

Huawei EulerOS: Security Advisory for python-setuptools (EulerOS-SA-2023-2246)

The remote host is missing an update for the Huawei EulerOS...

CVSS 5.9 | AI score 6.8 | EPSS 0.02617
Exploits 1 | References 2

Tenable Nessus
added 2023/06/09 12:00 a.m. | 23 views

SUSE SLED15 / SLES15 Security Update : python-sqlparse (SUSE-SU-2023:2462-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:2462-1 advisory. - CVE-2023-30608: Fixed a Regular Expression Denial of Service ReDOS vulnerability bsc1210617. Tenable has extracted th...

CVSS 7.5 | AI score 6.8 | EPSS 0.0098
Exploits 0 | References 4

Veracode
added 2023/06/08 9:32 a.m. | 37 views

Regular Expression Denial Of Service (ReDoS)

fast-xml-parser is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists in the readDocType function at DocTypeReader.js which allows an attacker to cause an application crash by submitting an entity name with bad performing regex because entity names are not sanitize...

CVSS 7.5 | AI score 6.7 | EPSS 0.01135
Exploits 0 | References 3 | Affected Software 1

Veracode
added 2023/06/08 9:02 a.m. | 12 views

Regular Expression Denial Of Service (ReDoS)

RedCloth is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists in the cleanhtml function of html.rb due to inefficient regular expressions complexity, leading to long parsing times or an application crash...

CVSS 7.5 | AI score 6.8 | EPSS 0.01513
Exploits 1 | References 7 | Affected Software 2

Tenable Nessus
added 2023/06/07 12:00 a.m. | 9 views

EulerOS Virtualization 2.11.0 : python-setuptools (EulerOS-SA-2023-2111)

According to the versions of the python-setuptools packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Python Packaging Authority PyPA setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML...

CVSS 5.9 | AI score 7.1 | EPSS 0.02617
Exploits 1 | References 2

Tenable Nessus
added 2023/06/07 12:00 a.m. | 22 views

Debian dla-3447 : libruby2.5 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3447 advisory. Debian LTS Advisory DLA-3447-1...

CVSS 5.3 | AI score 8 | EPSS 0.02637
Exploits 0 | References 6

Tenable Nessus
added 2023/06/07 12:00 a.m. | 21 views

EulerOS Virtualization 2.11.1 : python-setuptools (EulerOS-SA-2023-2059)

According to the versions of the python-setuptools packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Python Packaging Authority PyPA setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML...

CVSS 5.9 | AI score 7.1 | EPSS 0.02617
Exploits 1 | References 2

OpenVAS
added 2023/06/07 12:00 a.m. | 19 views

Debian: Security Advisory (DLA-3447-1)

The remote host is missing an update for the Debian...

CVSS 5.3 | AI score 6.2 | EPSS 0.02637
Exploits 0 | References 3

OSV
added 2023/06/06 6:30 p.m. | 15 views

GHSA-QCM3-VFQ5-WFR2 RedCloth Regular Expression Denial of Service issue

A Regular Expression Denial of Service ReDoS issue was discovered in the sanitizehtml function of RedCloth gem. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted payload...

CVSS 7.5 | AI score 7.1 | EPSS 0.01513
Exploits 1 | References 9

CVE
added 2023/06/06 12:00 a.m. | 65 views

CVE-2023-31606

CVE-2023-31606 concerns the RedCloth Ruby gem, specifically a ReDoS in the sanitize_html function of version 4.0.0 that can cause DoS with crafted input. Multiple connected advisories confirm the affected component is the RedCloth Ruby gem, and the root cause is the sanitize_html ReDoS pattern. E...

CVSS 7.5 | AI score 7 | EPSS 0.01513
Exploits 1 | References 5 | Affected Software 1

GitLab Advisory Database
added 2023/06/06 12:00 a.m. | 19 views

Inefficient Regular Expression Complexity

A Regular Expression Denial of Service ReDoS issue was discovered in the sanitizehtml function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted payload...

CVSS 7.5 | AI score 6.4 | EPSS 0.01513
Exploits 1 | References 8 | Affected Software 1

RubySec
added 2023/06/06 12:00 a.m. | 20 views

RedCloth Regular Expression Denial of Service issue

A Regular Expression Denial of Service ReDoS issue was discovered in the "sanitizehtml" function of RedCloth gem = v4.0.0. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted payload...

CVSS 7.5 | AI score 6.7 | EPSS 0.01513
Exploits 1 | References 1 | Affected Software 1

FreeBSD
added 2023/06/05 12:00 a.m. | 65 views

Gitlab -- Vulnerability

Gitlab reports: Stored-XSS with CSP-bypass in Merge requests; ReDoS via FrontMatterFilter in any Markdown fields; ReDoS via InlineDiffFilter in any Markdown fields; ReDoS via DollarMathPostFilter in Markdown fields; DoS via malicious test report artifacts; Restricted IP addresses can clone repositorie...

CVSS 8.7 | AI score 6.7 | EPSS 0.96058
Exploits 0 | References 1