3332 matches found
Huawei EulerOS: Security Advisory for python-pygments (EulerOS-SA-2021-1841)
The remote host is missing an update for the Huawei EulerOS...
CVE-2021-21391
CKEditor 5 provides a WYSIWYG editing solution. This CVE affects the following npm packages: ckeditor5-engine, ckeditor5-font, ckeditor5-image, ckeditor5-list, ckeditor5-markdown-gfm, ckeditor5-media-embed, ckeditor5-paste-from-office, and ckeditor5-widget. Following an internal audit, a regular...
CVE-2021-21391 Regular expression Denial of Service in multiple packages
CKEditor 5 provides a WYSIWYG editing solution. This CVE affects the following npm packages: ckeditor5-engine, ckeditor5-font, ckeditor5-image, ckeditor5-list, ckeditor5-markdown-gfm, ckeditor5-media-embed, ckeditor5-paste-from-office, and ckeditor5-widget. Following an internal audit, a regular...
CVE-2021-21391
CVE-2021-21391 affects CKEditor 5 npm packages including ckeditor5-engine, -font, -image, -list, -markdown-gfm, -media-embed, -paste-from-office, and -widget. Root cause: a regular expression denial of service (ReDoS) vulnerability that can cause a significant performance drop and browser tab fre...
CVE-2021-21391
Removed by vendor...
CVE-2021-23364
CVE-2021-23364 affects the package browserslist. Versions from 4.0.0 and earlier up to but not including 4.16.5 are vulnerable to a Regular Expression Denial of Service (ReDoS) during parsing of queries. The root cause is crude regex-based parsing that can incur excessive CPU for crafted inputs,...
CVE-2021-23364
The package browserslist from 4.0.0 and before 4.16.5 is vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries...
CVE-2021-23382
A regular expression denial of service (ReDoS) vulnerability was found in the npm library postcss when using getAnnotationURL or loadAnnotation options in lib/previous-map.js. An attacker can use this vulnerability to potentially craft a malicious CSS to process resulting in a denial of service...
Regular Expression Denial Of Service (ReDoS)
postcss is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure usage of regex sub-pattern /\\s sourceMappingURL=. via getAnnotationURL and loadAnnotation in lib/previous-map.js...
CVE-2021-23382
The package postcss before 8.2.13 is vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL and loadAnnotation in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern /\s sourceMappingURL=...
CVE-2021-23382
CVE-2021-23382: IBM Storage Defender Copy Data Management (2.2.0.0–2.2.27.0) includes PostCSS vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The issue stems from vulnerable regex patterns (notably /*\s sourceMappingU...
Regular Expression Denial Of Service (ReDoS)
vaadin-server is vulnerable to regular expression denial of service. Unsafe validation RegEx in EmailValidator class allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses...
Regular Expression Denial Of Service (ReDoS)
vaadin-text-field-flow is vulnerable to regular expression denial of service. Unsafe validation RegEx in EmailField allows an attacker to cause excessive CPU usage which could lead to a denial of service condition...
GHSA-42J4-733X-5VCF Regular expression denial of service (ReDoS) in EmailValidator class in Vaadin 7
Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-server versions 7.0.0 through 7.7.21 (Vaadin 7.0.0 through 7.7.21) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses. - https://vaadin.com/security/cve-2020-36320...
OPENSUSE-SU-2021:0571-1 Security update for python-bleach
This update for python-bleach fixes the following issues: - CVE-2021-23980: Fixed mutation XSS on bleach.clean with specific combinations of allowed tags boo1184547 Update to 3.1.5: replace missing setuptools dependency with packaging. Thank you Benjamin Peterson. Update to 3.1.4 boo1168280,...