249 matches found
ROS-20241029-08
Vulnerability in the OpenSearch software package related to improper validation of the nextUrl parameter. Exploitation of the vulnerability could allow an attacker to redirect a user to a malicious site A vulnerability in the server.maxHeadersCount configuration of the ws client-server library in...
Moderate: Red Hat Security Advisory: RHACS 4.5 enhancement and security update
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes RHACS. The updated image includes security and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which give...
Subnet Solutions Inc. PowerSYSTEM Center
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Subnet Solutions Inc. Equipment: PowerSYSTEM Center Vulnerabilities: Server-Side Request Forgery SSRF, Inefficient Regular Expression Complexity, Cross-Site Request Forgery CSRF 2. RISK...
Debian dla-3902 : ruby-rails-html-sanitizer - security update
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3902 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3902-1 [email protected]...
Inefficient Regular Expression Complexity in langflow
A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remainingtext leads to...
CVE-2024-9277 Langflow HTTP POST Request utils.py redos
A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remainingtext leads to...
CVE-2024-9277 Langflow HTTP POST Request utils.py redos
A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remainingtext leads to...
CVE-2024-9277 Langflow HTTP POST Request utils.py redos
A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remainingtext leads to...
Langflow 安全漏洞
Langflow is a visualization framework for building multi-agent and RAG applications from the Langflow open source. A security vulnerability exists in Langflow 1.0.18 and earlier versions, which stems from an improper manipulation of the parameter maintainingtext can lead to low regular expression...
CVE-2023-7279
A vulnerability has been found in Secure Systems Engineering Connaisseur up to 3.3.0 and classified as problematic. This vulnerability affects unknown code of the file connaisseur/res/targetsschema.json of the component Delegation Name Handler. The manipulation leads to inefficient regular...
CVE-2020-36830 nescalante urlregex Backtracking index.js redos
A vulnerability was found in nescalante urlregex up to 0.5.0 and classified as problematic. This issue affects some unknown processing of the file index.js of the component Backtracking. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. The...
CVE-2023-7279 Secure Systems Engineering Connaisseur Delegation Name targets_schema.json redos
A vulnerability has been found in Secure Systems Engineering Connaisseur up to 3.3.0 and classified as problematic. This vulnerability affects unknown code of the file connaisseur/res/targetsschema.json of the component Delegation Name Handler. The manipulation leads to inefficient regular...
CVE-2023-7279
CVE-2023-7279 affects Secure Systems Engineering Connaisseur up to version 3.3.0, with the issue localized to the file connaisseur/res/targets_schema.json in the Delegation Name Handler. The vulnerability causes inefficient regular expression complexity; the reported attack complexity is high and...
RHEL 8 : ceph (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - lapack: Out-of-bounds read in larrv CVE-2021-4048 - Beginning in v1.4.1 and prior to v1.4.9, due to an...
SUSE SLES15: golang-github-lusitaniae-apache_exporter / etc (SUSE-SU-2024:0487-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0487-1 advisory. golang-github-lusitaniae-apacheexporter: - Do not strip if SUSE Linux Enterprise 15 SP3 - Exclude debug for Red Hat Enterprise...
CVE-2021-4437 dbartholomae lambda-middleware frameguard JSON Mime-Type JsonDeserializer.ts redos
A vulnerability, which was classified as problematic, has been found in dbartholomae lambda-middleware frameguard up to 1.0.4. Affected by this issue is some unknown functionality of the file packages/json-deserializer/src/JsonDeserializer.ts of the component JSON Mime-Type Handler. The...
GHSA-PRR3-C3M5-P7Q2 @adobe/css-tools Improper Input Validation and Inefficient Regular Expression Complexity
Impact @adobe/css-tools version 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS. Patches The issue has been resolved in 4.3.2. Workarounds None References N/A...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : NLTK vulnerability (USN-5215-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5215-1 advisory. Srikantha Prathi discovered that NLTK incorrectly handled specially crafted input. An attacker could use this vulnerability to cause a...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : SUSE Manager Client Tools (SUSE-SU-2023:2575-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2575-1 advisory. grafana: - Version update from 8.5.22 to 9.5.1 jscPED-3694: Security fixes: - CVE-2023-1410:...
CVE-2020-36661
A vulnerability was found in Kong lua-multipart 0.5.8-1. It has been declared as problematic. This vulnerability affects the function isheader of the file src/multipart.lua. The manipulation leads to inefficient regular expression complexity. Upgrading to version 0.5.9-1 is able to address this...