3332 matches found
RLSA-2025:11047 Moderate: pcs security update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rexml: REXML ReDoS vulnerability CVE-2024-49761 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...
RLSA-2025:4063 Moderate: ruby:3.1 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters suc...
ruby:3.1 security update
An update is available for module.ruby, module.rubygem-abrt, module.rubygem-pg, rubygem-pg, module.rubygem-mysql2, rubygem-mysql2, rubygem-abrt, ruby. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
CVE-2025-6998
ReDoS in stripwhitespaces function in cps/stringhelper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24...
CVE-2025-54365
fastapi-guard is a security library for FastAPI that provides middleware to control IPs, log requests, detect penetration attempts and more. In version 3.0.1, the regular expression patched to mitigate the ReDoS vulnerability by limiting the length of string fails to catch inputs that exceed this...
NewStart CGSL MAIN 7.02 : ruby Multiple Vulnerabilities (NS-SA-2025-0116)
The remote NewStart CGSL host, running version MAIN 7.02, has ruby packages installed that are affected by multiple vulnerabilities: - A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increa...
GHSA-2G7M-PH9X-7Q7M Calibre Web and Autocaliweb have a ReDoS vulnerability
ReDoS in stripwhitespaces function in cps/stringhelper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24...
Calibre Web and Autocaliweb have a ReDoS vulnerability
ReDoS in stripwhitespaces function in cps/stringhelper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24...
CVE-2025-6998
ReDoS in stripwhitespaces function in cps/stringhelper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24...
CVE-2025-6998
ReDoS in stripwhitespaces function in cps/stringhelper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24...
CVE-2025-6998 Calibre Web 0.6.24 & Autocaliweb 0.7.0 - ReDoS
ReDoS in stripwhitespaces function in cps/stringhelper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24...
CVE-2025-6998 Calibre Web 0.6.24 & Autocaliweb 0.7.0 - ReDoS
ReDoS in stripwhitespaces function in cps/stringhelper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24...
CVE-2025-6998
CVE-2025-6998 describes a Regular Expression Denial of Service (ReDoS) in the strip_whitespaces() function of cps/string_helper.py used by Calibre Web and Autocaliweb. The vulnerability is triggered by a specially crafted username during login, causing catastrophic backtracking and potential deni...
CVE-2025-54365
fastapi-guard is a security library for FastAPI that provides middleware to control IPs, log requests, detect penetration attempts and more. In version 3.0.1, the regular expression patched to mitigate the ReDoS vulnerability by limiting the length of string fails to catch inputs that exceed this...
Regular Expression Denial of Service (ReDoS)
Overview fastapi-guard is a Security library for FastAPI to control IPs and more. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the SusPatternsManager class in the suspatternshandler.py file. An attacker can cause excessive resource consumption...
CVE-2025-54365
CVE-2025-54365 concerns the Python package fastapi-guard (3.0.1) where a patched regular-expression length limit fails to catch inputs that bypasses the regex filtering (notably for [removed] attributes), enabling potential ReDoS/back-end resource strain and degraded availability. Multiple connec...
CVE-2025-54365 fastapi-guard patch contains bypassable RegEx
fastapi-guard is a security library for FastAPI that provides middleware to control IPs, log requests, detect penetration attempts and more. In version 3.0.1, the regular expression patched to mitigate the ReDoS vulnerability by limiting the length of string fails to catch inputs that exceed this...
CVE-2025-54365 fastapi-guard patch contains bypassable RegEx
fastapi-guard is a security library for FastAPI that provides middleware to control IPs, log requests, detect penetration attempts and more. In version 3.0.1, the regular expression patched to mitigate the ReDoS vulnerability by limiting the length of string fails to catch inputs that exceed this...
CVE-2025-54365 fastapi-guard patch contains bypassable RegEx
fastapi-guard is a security library for FastAPI that provides middleware to control IPs, log requests, detect penetration attempts and more. In version 3.0.1, the regular expression patched to mitigate the ReDoS vulnerability by limiting the length of string fails to catch inputs that exceed this...
GHSA-RRF6-PXG8-684G FastAPI Guard has a regex bypass
Summary The regular expression patched to mitigate the ReDoS vulnerability by limiting the length of string fails to catch inputs that exceed this limit. Details In version 3.0.1, you can find a commit like the one in the link below, which was made to prevent ReDoS...