3332 matches found
ReDoS in LDAP schema parser
https://github.com/python-ldap/python-ldap/issues/424 Impact: The LDAP schema parser of python-ldap 3.3.1 and earlier is vulnerable to a regular expression denial-of-service attack. The issue affects clients that use the ldap.schema package to parse LDAP schema definitions from an untrusted source...
SUSE-SU-2021:3814-1 Security update for python-Pygments
This update for python-Pygments fixes the following issues: - CVE-2021-27291: Fixed ReDoS via crafted malicious input (bsc#1184812)...
Regular Expression Denial Of Service (ReDoS)
ramda is vulnerable to regular expression denial of service. The trim function in ramda.js does not properly replace the user input strings due to the insufficient regex pattern used for the ws field, allowing a malicious user to crash the application by providing a malicious input...
Regular Expression Denial Of Service (ReDoS)
Xen is vulnerable to regular expression denial of service (ReDoS) attacks. An attacker is able to manipulate the application by inserting unknown input, resulting in denial of service conditions...
CVE-2021-41817
A flaw was found in ruby, where the date object was found to be vulnerable to a regular expression denial of service (ReDoS) during the parsing of dates. This flaw allows an attacker to hang a ruby application by providing a specially crafted date string. The highest threat to this vulnerability is...
Regular Expression Denial Of Service (ReDoS)
date is vulnerable to regular expression denial of service (ReDoS) attacks. An attacker is able to insert a specifically crafted input through the dateparse method via the str parameter, resulting in denial of service conditions...
EulerOS Virtualization 2.9.0 : python-pillow (EulerOS-SA-2021-2775)
According to the versions of the python-pillow package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb...
EulerOS Virtualization 2.9.1 : python-jinja2 (EulerOS-SA-2021-2755)
According to the versions of the python-jinja2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the punctuationre...
EulerOS Virtualization 2.9.0 : python-jinja2 (EulerOS-SA-2021-2788)
According to the versions of the python-jinja2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the punctuationre...
Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2021-2788)
The remote host is missing an update for the Huawei EulerOS...
PT-2021-7337
Name of the Vulnerable Software and Affected Versions: date gem versions prior to 3.2.1; date gem versions prior to 3.1.2; date gem versions prior to 3.0.2; date gem versions prior to 2.0.1. Description: The issue is related to a ReDoS (regular expression Denial of Service) vulnerability in the date gem...
CentOS 8 : python39:3.9 and python39-devel:3.9 (CESA-2021:4160)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4160 advisory. - python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS (CVE-2021-28957) - python-ipaddress: Improper input validation ...
CentOS 8 : resource-agents (CESA-2021:4139)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4139 advisory. - python-pygments: Infinite loop in SML lexer may lead to DoS (CVE-2021-20270) - python-pygments: ReDoS in multiple lexers (CVE-2021-27291) Note that Nessu...
EulerOS 2.0 SP5 : python-pillow (EulerOS-SA-2021-2670)
According to the versions of the python-pillow package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function...
CentOS 8 : python36:3.6 (CESA-2021:4150)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4150 advisory. - python-pygments: Infinite loop in SML lexer may lead to DoS (CVE-2021-20270) - python-pygments: ReDoS in multiple lexers (CVE-2021-27291) Note that Nessu...
CentOS 8 : python-jinja2 (CESA-2021:4161)
The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2021:4161 advisory. - python-jinja2: ReDoS vulnerability in the urlize filter (CVE-2020-28493) Note that Nessus has not tested for this issue but has instead relied only on the...
EulerOS 2.0 SP5 : python (EulerOS-SA-2021-2669)
According to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as web...
EulerOS 2.0 SP9 : python-pillow (EulerOS-SA-2021-2694)
According to the versions of the python-pillow packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function...
RHEL 8 : python39:3.9 and python39-devel:3.9 (RHSA-2021:4160)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4160 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...