3332 matches found
EulerOS Virtualization 3.0.2.0 : python (EulerOS-SA-2021-2825)
According to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, wh...
EulerOS Virtualization 3.0.2.0 : python-jinja2 (EulerOS-SA-2021-2840)
According to the versions of the python-jinja2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the punctuationre...
Debian DLA-2853-1 : ruby2.3 - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2853 advisory. - Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2...
Regular Expression Denial Of Service (ReDoS)
parse-link-header is vulnerable to regular expression denial of service. The usage of an insecure 'checkHeader' function allows an attacker to cause a denial of service condition via a malicious URL string...
cve-search has an unspecified vulnerability
Cve-Search is a tool that performs local searches for known vulnerabilities. It is used for searching, indexing, correlating and managing software vulnerabilities. cve-search versions prior to 4.1.0 have a security vulnerability that stems from lib/DatabaseLayer.py allowing regular expression...
EulerOS 2.0 SP8 : python3 (EulerOS-SA-2021-2813)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the...
EulerOS 2.0 SP8 : python2 (EulerOS-SA-2021-2812)
According to the versions of the python2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the...
CVE-2021-23490
The package parse-link-header before 2.0.0 is vulnerable to Regular Expression Denial of Service (ReDoS) via the checkHeader function...
Design/Logic Flaw
The package parse-link-header before 2.0.0 is vulnerable to Regular Expression Denial of Service (ReDoS) via the checkHeader function...
CVE-2021-23490
CVE-2021-23490 affects the npm package parse-link-header. The issue is a Regular Expression Denial of Service (ReDoS) triggered by the checkHeader function in versions prior to 2.0.0. Reported impact is CPU exhaustion that can degrade service or cause a denial of service. Remediation: upgrade ...
Regular Expression Denial Of Service (ReDoS)
nltk is vulnerable to regular expression denial of service. The vulnerability exists in the PunktSentenceTokenizer function in punkt.py, which allows an attacker to cause an application crash...
Regular Expression Denial Of Service (ReDoS)
cvesearch is vulnerable to regular expression denial of service. The vulnerability exists due to lack of sanitization of user inputs in the cvesForCPE function of DatabaseLayer.py, which allows a malicious user to cause a ReDoS...
Code injection
lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular expression injection, which can lead to ReDoS (regular expression denial of service) or other impacts...
CVE-2021-45470
The CVE-2021-45470 entry impacts cve-search prior to 4.1.0, where lib/DatabaseLayer.py is vulnerable to regular expression injection. This flaw can trigger ReDoS (regular expression denial of service) and potentially other impacts as described in multiple sources. Root cause is insufficient input...
CVE-2021-43854
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability is present in...
Input validation
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability is present in...
PYSEC-2021-859
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability is present in...
CVE-2021-43854
CVE-2021-43854 affects the Python package NLTK. Versions prior to 3.6.5 are vulnerable to a Regular Expression Denial of Service (ReDoS) in the affected tokenizers: PunktSentenceTokenizer, sent_tokenize, and word_tokenize. The issue arises from inefficient regex backtracking on crafted inputs, ca...