3333 matches found
Moderate: python-mako security update
Mako is a template library written in Python. It provides a familiar, non-XML syntax which compiles into Python modules for maximum performance. Security Fixes: python-mako: REDoS in Lexer class (CVE-2022-40023). For more details about the security issues, including the impact, a CVSS score,...
EulerOS 2.0 SP11 : python-setuptools (EulerOS-SA-2023-1766)
According to the versions of the python-setuptools packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Python Packaging Authority PyPA setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted...
EulerOS 2.0 SP11 : python-setuptools (EulerOS-SA-2023-1788)
According to the versions of the python-setuptools packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Python Packaging Authority PyPA setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Ruby regression (USN-6055-2)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6055-2 advisory. USN-6055-1 fixed a vulnerability in Ruby. Unfortunately it introduced a regression. This update reverts the patches applied to...
CVE-2023-1894
A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations...
Input validation
A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations...
CVE-2023-1894
CVE-2023-1894 is a ReDoS affecting Puppet Server 7.9.2 during certificate validation. The vulnerability arises from crafted certificate names and results in significantly slowed server operations. Public details in the provided documents confirm Puppet Server as the affected component and describ...
PT-2023-17321 · Puppet +1 · Puppet Server +1
Name of the Vulnerable Software and Affected Versions: Puppet Server version 7.9.2. Description: A Regular Expression Denial of Service (ReDoS) issue was discovered in the certificate validation of Puppet Server. This issue is related to specifically crafted certificate names, which can significantl...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Ruby vulnerabilities (USN-6055-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6055-1 advisory. It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Node.js ua-parser-js
Summary: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Node.js ua-parser-js. Vulnerability Details: CVEID: CVE-2022-25927. DESCRIPTION: Node.js ua-parser-js module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS)...
Moderate: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.1.6 security updates and bug fixes
Multicluster Engine for Kubernetes 2.1.6 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
Debian dla-3408 : jruby - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3408 advisory. Debian LTS Advisory DLA-3408-1 [email protected]...
CVE-2023-30858 Denosaurs emoji has ReDoS vulnerability in `replace` function
The Denosaurs emoji package provides emojis for dinosaurs. Starting in version 0.1.0 and prior to version 0.3.0, the reTrimSpace regex has 2nd degree polynomial inefficiency, leading to a delayed response given a big payload. The issue has been patched in 0.3.0. As a workaround, avoid using the...
EulerOS Virtualization 2.9.1 : python-setuptools (EulerOS-SA-2023-1648)
According to the versions of the python-setuptools packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Python Packaging Authority PyPA setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML...
nodejs:14 security, bug fix, and enhancement update
An update is available for nodejs, nodejs-packaging, module.nodejs-packaging, module.nodejs-nodemon, nodejs-nodemon, module.nodejs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
Rocky Linux 8 : nodejs:14 (RLSA-2023:1743)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:1743 advisory. - The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression...
sqlparse contains a regular expression that is vulnerable to Regular Expression Denial of Service
Impact: The SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). The vulnerability may lead to Denial of Service (DoS). Patches: This issue has been fixed in sqlparse 0.4.4. Workarounds: None. References: This issue was discovered and reported by...