Oracle Linux 7 : python3 (ELSA-2020-3888)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-3888 advisory.
- Security fix for CVE-2020-8492 Resolves: rhbz1810616
- Security fix for CVE-2019-16935 Resolves: rhbz1797999
Tenable has extracted the preceding...
CVE-2019-20922
Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources...
Design/Logic Flaw
Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources...
CVE-2019-20922
CVE-2019-20922 affects the Handlebars.js template engine before 4.4.5. The vulnerability stems from an eager RegExp matching approach in the parser, which can be forced into an endless loop by crafted templates, leading to resource exhaustion. Impact is described as denial of service via consumed...
RHEL 7 : python3 (RHSA-2020:3888)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3888 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
Regular Expression Denial of Service (ReDoS)
Overview: Jinja2 is a template engine written in pure Python. It provides a Django-inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). The ReDoS vulnerability ...
FreeBSD : Python -- multiple vulnerabilities (2cb21232-fb32-11ea-a929-a4bf014bf5f7)
Python reports: bpo-39603: Prevent http header injection by rejecting control characters in http.client.putrequest.... bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded CVE-2020-15523. bpo-41004: CVE-2020-14422: The hash methods of ipaddress.IPv4Interface and...
Regular Expression Denial Of Service (ReDoS)
ua-parser-js is vulnerable to regular expression denial of service. A remote attacker is able to cause a denial of service condition by submitting a malicious string that, when parsed via the Redmi and Mi Pad regexes, would result in excessive resource consumption...
CVE-2020-7733
The package ua-parser-js before 0.7.22 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA...
CVE-2020-7733
CVE-2020-7733 affects ua-parser-js prior to 0.7.22, where the Redmi/Mi UA regex can cause a Regular Expression Denial of Service (ReDoS). This may allow a crafted request to trigger a DoS on affected environments. Remediation: upgrade ua-parser-js to 0.7.22 or newer (as per description). If any d...
Regular Expression Denial Of Service (ReDoS)
pylint is vulnerable to regular expression denial of service. A regex sub-pattern ^\W+\w allows an attacker to cause a denial of service condition using the string ""+"1"5000 + "!"...
GHSA-WX77-RP39-C6VG Regular Expression Denial of Service in markdown
All versions of markdown are vulnerable to Regular Expression Denial of Service (ReDoS). The markdown.toHTML function has significantly degraded performance when parsing long strings containing underscores. This may lead to Denial of Service if the parser accepts user input. Recommendation: No fix i...
GHSA-CH52-VGQ2-943F Regular Expression Denial of Service in marked
Affected versions of marked are vulnerable to Regular Expression Denial of Service (ReDoS). The label subrule may significantly degrade parsing performance of malformed input. Recommendation: Upgrade to version 0.7.0 or later...
Python -- multiple vulnerabilities
Python reports: bpo-39603: Prevent http header injection by rejecting control characters in http.client.putrequest…. bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded CVE-2020-15523. bpo-41004: CVE-2020-14422: The hash methods of ipaddress.IPv4Interface and...
Amazon Linux AMI : python27, python34, python35, python36 (ALAS-2020-1407)
The version of python27 installed on the remote host is prior to 2.7.18-1.138. The version of python34 installed on the remote host is prior to 3.4.10-1.50. The version of python35 installed on the remote host is prior to 3.5.7-1.26. The version of python36 installed on the remote host is prior t...
Medium: python26
Issue Overview: Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic...
Regular Expression Denial Of Service (ReDoS)
wicket is vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability is possible due to improper usage of a regular expression in the trimParens field, allowing a malicious user to crash the application by passing malicious strings...