9 matches found
SUSE: Security Advisory (SUSE-SU-2023:2578-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2023:2578-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: bind: - Provide bind dependencies and solve installation issues on SUSE Linux Enterprise Micro - There are no source changes dracut-saltboot: - Update to version 0.1.1681904360.84ef141 Load network configuration even when missing protocol version bsc1210640...
Inefficient Regular Expression Complexity in ramda/ramda
✍️ Description A ReDoS regular expression denial of service flaw was found in the ramda package. An attacker that is able to provide crafted input to the trim function may cause an application to consume an excessive amount of CPU. Similar attack ref: https://nvd.nist.gov/vuln/detail/CVE-2020-7753...
Inefficient Regular Expression Complexity in apidoc/apidoc-core
✍️ Description A ReDoS regular expression denial of service flaw was found in the apidoc-core package. An attacker that is able to provide crafted input to the trim function may cause an application to consume an excessive amount of CPU. Similar attack ref:...
Regular Expression Denial of Service in trim
Overview Versions of trim lower than 0.0.3 are vulnerable to Regular Expression Denial of Service ReDoS via trim. Recommendation Upgrade to version 0.0.3 or later References - CVE - GitHub Advisory...
02strich-markdown (>=1.0.0 <=1.0.2), 10secondsofcode-custom (=1.0.0) +11494 more potentially affected by CVE-2020-7753 via trim (=0.0.1)
trim NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on trim and may be impacted: - 02strich-markdown =1.0.0, =1.0.0, =0.0.2, =0.0.1, =4.11.0, =0.1.0, =0.0.2, =0.2.0, =1.0.16, =1.2.0, =1.2.2 and more Source cves: CVE-2020-7753 Source...
CVE-2020-7753 Regular Expression Denial of Service (ReDoS)
All versions of package trim are vulnerable to Regular Expression Denial of Service ReDoS via trim...
CVE-2020-7753
CVE-2020-7753: The Connected IBM bulletin confirms that the trim package is vulnerable to Regular Expression Denial of Service (ReDoS) via trim() in all versions. It assigns a high base score (7.5) and references IBM X-Force data; however, the bulletin does not publicly specify a patched version ...
02strich-markdown (>=1.0.0 <=1.0.2), 10secondsofcode-custom (=1.0.0) +11494 more potentially affected by CVE-2020-7753 via trim (=0.0.1)
trim NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on trim and may be impacted: - 02strich-markdown =1.0.0, =1.0.0, =0.0.2, =0.0.1, =4.11.0, =0.1.0, =0.0.2, =0.2.0, =1.0.16, =1.2.0, =1.2.2 and more Source cves: CVE-2020-7753 Source...