CVE-2022-40897
Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py...
Fedora 35 : glances (2022-edf635cf39)
The remote Fedora 35 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-edf635cf39 advisory. Update to 3.3.0.1 and CVE-2022-25844 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has n...
RLSA-2022:9073 Moderate: nodejs:16 security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages were updated to later upstream versions: nodejs 16.18.1, nodejs-nodemon 2.0.20. Security Fixes: nodejs: Improper handling of URI Subject...
Internet Bug Bounty: ReDoS (Rails::Html::PermitScrubber.scrub_attribute)
I reported at https://hackerone.com/reports/1684163 https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w Certain configurations of rails-html-sanitizer 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to...
Oracle Linux 8 : nodejs:18 (ELSA-2022-8833)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-8833 advisory. - Rebase to version 18.12.1 Resolves: rhbz2125580 CVE-2022-43548 CVE-2022-3517 - Rebase to version 18.9.1 Resolves: CVE-2022-35255 CVE-2022-35256...
RHEL 8 : nodejs:18 (RHSA-2022:8833)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8833 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
AlmaLinux 8 : nodejs:18 (ALSA-2022:8833)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:8833 advisory. nodejs-minimatch: ReDoS via the braceExpand function CVE-2022-3517 nodejs: DNS rebinding in inspect via invalid octal IP address CVE-2022-43548 Tenable ha...
nodejs:18 security, bug fix, and enhancement update
An update is available for nodejs-nodemon, nodejs, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Node.js is a software development platform f...
nodejs:18 security, bug fix, and enhancement update
An update is available for module.nodejs-packaging, nodejs-packaging. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Node.js is a software development platform...
CVE-2020-7753
A flaw was found in the npm library trim where a specifically crafted input can cause a regular expression to take an abnormal amount of time to compute. All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) DNP via trim...
GLSA-202211-10 : Pillow: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202211-10 (Pillow: Multiple Vulnerabilities) - The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. CVE-2021-23437 - Pillow through 8.2.0 and PIL (aka Python...
GHSA-VJJ4-QWCM-552H Inefficient Regular Expression Complexity in Liferay Portal
ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 through 7.4.3.4 and Liferay DXP 7.2 fix pack 9 through fix pack 18, 7.3 before update 4, and DXP 7.4 GA allows remote attackers to consume an excessive amount of server resources via a crafted payload injected in...
Inefficient Regular Expression Complexity in Liferay Portal
ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 through 7.4.3.4 and Liferay DXP 7.2 fix pack 9 through fix pack 18, 7.3 before update 4, and DXP 7.4 GA allows remote attackers to consume an excessive amount of server resources via a crafted payload injected in...
CVE-2022-42124
ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 through 7.4.3.4 and Liferay DXP 7.2 fix pack 9 through fix pack 18, 7.3 before update 4, and DXP 7.4 GA allows remote attackers to consume an excessive amount of server resources via a crafted payload injected in...
Design/Logic Flaw
ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 through 7.4.3.4 and Liferay DXP 7.2 fix pack 9 through fix pack 18, 7.3 before update 4, and DXP 7.4 GA allows remote attackers to consume an excessive amount of server resources via a crafted payload injected in...
PT-2022-26270 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.2 through 7.4.3.4 Liferay DXP versions 7.2 fix pack 9 through fix pack 18 Liferay DXP version 7.3 before update 4 Liferay DXP version 7.4 GA Description: A ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProce...
CVE-2022-42124
The CVE-2022-42124 ReDoS vulnerability affects Liferay Portal 7.3.2–7.4.3.4 and Liferay DXP 7.2 (fix pack 9–18), 7.3 before update 4, and 7.4 GA, in LayoutPageTemplateEntryUpgradeProcess. A crafted payload in the layout prototype’s name field can cause excessive server resource consumption. Remed...
GitLab: ReDoS due to device-detector parsing user agents
A ReDoS vulnerability was discovered in how GitLab parsed user agents, which could lead to Denial of Service on affected instances...
snowflake-connector-python is vulnerable to Regular Expression Denial of Service (ReDoS)
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the get_file_transfer_type method...