
3332 matches found

OpenVAS
added 2021/10/21 12:0 a.m. | 32 views

SUSE: Security Advisory (SUSE-SU-2021:3486-1)

The remote host is missing an update for the...

CVSS 7.5 | AI score 8.4 | EPSS 0.11586
Exploits 2 | References 9
OpenVAS
added 2021/10/21 12:0 a.m. | 25 views

openSUSE: Security Advisory for python (openSUSE-SU-2021:3489-1)

The remote host is missing an update for the...

CVSS 7.5 | AI score 7.7 | EPSS 0.11586
Exploits 2 | References 2
OpenVAS
added 2021/10/21 12:0 a.m. | 29 views

SUSE: Security Advisory (SUSE-SU-2021:3489-1)

The remote host is missing an update for the...

CVSS 7.5 | AI score 7.5 | EPSS 0.11586
Exploits 2 | References 2
Tenable Nessus
added 2021/10/21 12:0 a.m. | 44 views

SUSE SLES12 Security Update : python36 (SUSE-SU-2021:3486-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3486-1 advisory. - There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent...

CVSS 7.5 | AI score 7.1 | EPSS 0.11586
Exploits 2 | References 13
OpenVAS
added 2021/10/21 12:0 a.m. | 15 views

SUSE: Security Advisory (SUSE-SU-2021:3477-1)

The remote host is missing an update for the...

CVSS 7.5 | AI score 8.5 | EPSS 0.11586
Exploits 2 | References 6
OSV
added 2021/10/20 2:20 p.m. | 9 views

SUSE-SU-2021:3489-1 Security update for python

This update for python fixes the following issues: - CVE-2021-3737: Fixed http client infinite line reading DoS after a http 100. bsc1189241 - CVE-2021-3733: Fixed ReDoS in urllib.request. bsc1189287...

CVSS 7.5 | AI score 7 | EPSS 0.11586
Exploits 2 | References 5
OSV
added 2021/10/20 2:18 p.m. | 4 views

SUSE-SU-2021:3486-1 Security update for python36

This update for python36 fixes the following issues: - Update to 3.6.15: - CVE-2021-3737: Fixed a DoS caused by infinitely reading potential HTTP headers after a 100 Continue status response from the server. bsc1189241 - CVE-2021-3426: Fixed an information disclosure via pydoc. bsc1183374 -...

CVSS 7.5 | AI score 6.6 | EPSS 0.11586
Exploits 2 | References 10
OSV
added 2021/10/20 6:42 a.m. | 7 views

SUSE-SU-2021:3477-1 Security update for python3

This update for python3 fixes the following issues: - CVE-2021-3737: Fixed http client infinite line reading DoS after a http 100. bsc1189241 - CVE-2021-3733: Fixed ReDoS in urllib.request. bsc1189287...

CVSS 7.5 | AI score 7 | EPSS 0.11586
Exploits 2 | References 6
OPENSUSE Linux
added 2021/10/20 12:0 a.m. | 72 views

Security update for python (moderate)

openSUSE Security Update: Security update for python Announcement ID: openSUSE-SU-2021:3489-1 Rating: moderate References: 1189241 1189287 Cross-References: CVE-2021-3733 CVE-2021-3737 CVSS scores: CVE-2021-3733 SUSE: 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-3737 SUSE: 6.5...

CVSS 6.5 | AI score 7.7 | EPSS 0.11586
Exploits 2 | References 2
RedHat Linux
added 2021/10/19 12:9 p.m. | 57 views

Important: Red Hat Security Advisory: Red Hat Quay v3.6.0 security, bug fix and enhancement update

An update is now available for Red Hat Quay 3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVSS 10 | AI score 7.1 | EPSS 0.05213
Exploits 17 | References 49
NCSC
added 2021/10/19 12:0 a.m. | 3 views

Vulnerability fixed in OTRS

A vulnerability has been fixed in OTRS. A malicious remote user could potentially exploit the vulnerability to cause a Denial-of-Service. OTRS uses the deprecated npm module "resolve-url-loader", which depends on the module "postcss" and is vulnerable to a ReDoS attack. OTRS has...

CVSS 5.3 | AI score 6.8 | EPSS 0.03511
Exploits 1
Github Security Blog
added 2021/10/13 6:55 p.m. | 35 views

Regular expression Denial of Service (ReDoS) in EmailValidator class in V7 compatibility module in Vaadin 8

Unsafe validation RegEx in EmailValidator component in com.vaadin:vaadin-compatibility-server versions 8.0.0 through 8.12.4 (Vaadin versions 8.0.0 through 8.12.4) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses...

CVSS 7.5 | AI score 5.7 | EPSS 0.01672
Exploits 0 | References 3 | Affected Software 1
OSV
added 2021/10/13 3:34 p.m. | 30 views

GHSA-WPVM-WQR4-P7CW Inclusion of Functionality from Untrusted Control Sphere in CKEditor 4

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space in the Autolink plugin...

CVSS 6.5 | AI score 6.6 | EPSS 0.02223
Exploits 0 | References 7
Github Security Blog
added 2021/10/13 3:34 p.m. | 47 views

Inclusion of Functionality from Untrusted Control Sphere in CKEditor 4

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space in the Autolink plugin...

CVSS 6.5 | AI score 5.1 | EPSS 0.02223
Exploits 0 | References 7 | Affected Software 1
RubySec
added 2021/10/13 12:0 a.m. | 5 views

Inclusion of Functionality from Untrusted Control Sphere in CKEditor 4

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space in the Autolink plugin...

CVSS 6.5 | AI score 7.2 | EPSS 0.02223
Exploits 0 | References 1 | Affected Software 1
CloudLinux
added 2021/10/05 2:7 p.m. | 56 views

Fix of CVE: CVE-2020-26116, CVE-2020-8492, CVE-2018-20852, CVE-2020-27619

Add Oracle Linux distribution in platform.py - CVE-2018-20852: Prefix dot in domain for proper subdomain validation - CVE-2020-8492: Python allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client - CVE-2020-26116: http.client allows CRLF injection if...

CVSS 9.8 | AI score 7.3 | EPSS 0.08235
Exploits 3 | References 1
OSV
added 2021/10/04 7:15 p.m. | 11 views

CVE-2021-41118

The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. In affected versions unsanitised input of regular expression date within the parameters of the DPL parser function, allowed for the possibility of ReDoS...

CVSS 7.5 | AI score 6.8
Exploits 0 | References 3
NVD
added 2021/10/04 7:15 p.m. | 9 views

CVE-2021-41118

The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. In affected versions unsanitised input of regular expression date within the parameters of the DPL parser function, allowed for the possibility of ReDoS...

CVSS 7.5 | EPSS 0.0112
Exploits 0 | References 3
Cvelist
added 2021/10/04 6:35 p.m. | 10 views

CVE-2021-41118 ReDoS in DynamicPageList3

The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. In affected versions unsanitised input of regular expression date within the parameters of the DPL parser function, allowed for the possibility of ReDoS...

CVSS 5.3 | AI score 7.7 | EPSS 0.0112
Exploits 0 | References 3
CVE
added 2021/10/04 6:35 p.m. | 41 views

CVE-2021-41118

The DynamicPageList3 (DPL) extension for MediaWiki is affected by a ReDoS in the DPL parser when a regular expression date is unsanitised in certain parameters. This can lead to denial of service under affected versions. The issue is resolved in DPL 3.3.6. If updating is not possible, a workaroun...

CVSS 7.5 | AI score 6.2 | EPSS 0.0112
Exploits 0 | References 3 | Affected Software 1