9244 matches found

OSV
added 2024/12/10 9:12 a.m., 6 views

SUSE-SU-2024:4272-1 Security update for nodejs18

This update for nodejs18 fixes the following issues: - CVE-2024-21538: Fixed regular expression denial of service in cross-spawn dependency (bsc#1233856) - Update to 18.20.5 esm: mark import attributes and JSON module as stable deps: + upgrade npm to 10.8.2 + update simdutf to 5.6.0 + update brotli ...

CVSS 8.7, AI score 7.6, EPSS 0.00067
Exploits: 0, References: 3

RedHat Linux
added 2024/12/10 8:27 a.m., 22 views

Low: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.4.13

Red Hat OpenShift Service Mesh Containers for 2.4.13 This update has a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service...

CVSS 8.7, AI score 6.6, EPSS 0.00067
Exploits: 0, References: 2

RedHat Linux
added 2024/12/10 8:27 a.m., 24 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.5.7

Red Hat OpenShift Service Mesh Containers for 2.5.7 This update has a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift...

CVSS 8.7, AI score 6.6, EPSS 0.00166
Exploits: 0, References: 3

Metasploit
added 2024/12/07 6:54 p.m., 1074 views

Primefaces Remote Code Execution Exploit

This module exploits a Java Expression Language remote code execution flaw in the Primefaces JSF framework. Primefaces versions prior to 5.2.21, 5.3.8 or 6.0 are vulnerable to a padding oracle attack, due to the use of weak crypto and default encryption password and salt. Tested against Docker...

CVSS 9.8, AI score 9.9, EPSS 0.93884
Exploits: 6

Debian CVE
added 2024/12/05 10:45 p.m., 14 views

CVE-2024-52798

path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgra...

CVSS 8.7, AI score 6.5, EPSS 0.00293
Exploits: 0

RedHat Linux
added 2024/12/05 4:33 p.m., 0 views

rexml: REXML ReDoS vulnerability

A flaw was found in the REXML XML toolkit for Ruby. Parsing XML data containing a large number of digits between & and x...; in a hex numeric character reference (&#x...;) can trigger a regular expression denial of service (ReDoS) condition, leading to a denial of service...

CVSS 8.7, AI score 7.3, EPSS 0.01645
Exploits: 0, References: 7

RedHat Linux
added 2024/12/04 2:47 a.m., 2 views

rexml: REXML ReDoS vulnerability

A flaw was found in the REXML XML toolkit for Ruby. Parsing XML data containing a large number of digits between & and x...; in a hex numeric character reference (&#x...;) can trigger a regular expression denial of service (ReDoS) condition, leading to a denial of service...

CVSS 8.7, AI score 7.3, EPSS 0.01645
Exploits: 0, References: 7

CNNVD
added 2024/12/04 12:00 a.m., 1 views

JetBrains YouTrack security vulnerability

JetBrains YouTrack is a project management tool developed by JetBrains that supports cloud hosting and local deployment. A denial of service vulnerability exists in JetBrains YouTrack, which can be exploited by an attacker to execute a regular expression resulting in a denial of service...

CVSS 6.5, AI score 6.7, EPSS 0.00004
Exploits: 0, References: 1

Huntr
added 2024/12/03 10:12 a.m., 12 views

Regular expression Denial of Service - ReDoS

Description A Regular Expression Denial of Service (ReDoS) vulnerability identified in the Transformers library, specifically in the file tokenization_nougat_fast.py. The vulnerability occurs in the post_process_single function, where a regular expression processes specially crafted input. The issue...

CVSS 7.5, AI score 6.2, EPSS 0.00228
Exploits: 0

Veracode
added 2024/12/03 9:41 a.m., 11 views

Regular Expression Denial Of Service (ReDoS)

cross-spawn is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to improper input sanitization, which allows an attacker to craft a large string that increases CPU usage and crashes the program...

CVSS 8.7, AI score 6.5, EPSS 0.00067
Exploits: 0, References: 6, Affected Software: 2

Veracode
added 2024/12/03 9:00 a.m., 5 views

Regular Expression Denial Of Service (ReDoS)

Giskard is vulnerable to Remote Code Execution ReDoS. The vulnerability is due to inefficient regex handling when processing specific text patterns, allowing an attacker to cause a denial of service DoS by triggering prolonged regex evaluation times...

CVSS 6.9, AI score 7.3, EPSS 0.01994
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2024/12/02 1:44 p.m., 11 views

CVE-2024-53111 mm/mremap: fix address wraparound in move_page_tables()

In the Linux kernel, the following vulnerability has been resolved: mm/mremap: fix address wraparound in move_page_tables() On 32-bit platforms, it is possible for the expression len + old_addr ... #include ... #include ... #include ... #define ADDR1 ((void *)0x60000000) #define ADDR2 ((void *)0x10000000) #define SIZE 0x50000000uL int...

EPSS 0.00015
Exploits: 0, References: 2

Veracode
added 2024/11/29 6:16 a.m., 13 views

Regular Expression Denial Of Service (ReDoS)

@eslint/plugin-kit is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to improper input sanitization, allowing an attacker to increase CPU usage and crash the program...

CVSS 7.5, AI score 7, EPSS 0.00213
Exploits: 0, References: 2, Affected Software: 1

Positive Technologies
added 2024/11/29 12:00 a.m., 3 views

PT-2024-9174 · Jetbrains · Jetbrains Youtrack

Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2024.3.52635 Description: The issue is related to a potential ReDoS (Regular Expression Denial of Service) in the Ruby syntax detector of JetBrains YouTrack. This is due to a vulnerable RegExp with inefficie...

CVSS 6.5, AI score 7.3, EPSS 0.00004
Exploits: 0, References: 8

IBM Security Bulletins
added 2024/11/28 3:48 p.m., 44 views

Security Bulletin: IBM Observability with Instana for Synthetic PoP is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were addressed in IBM Observability with Instana for Synthetic PoP build 284. Vulnerability Details CVEID: CVE-2024-2398 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a memory leak when allowing HTTP/2 server push. By sending a specially...

CVSS 9.8, AI score 9.4, EPSS 0.09639
Exploits: 3, Affected Software: 1

OSV
added 2024/11/26 1:43 p.m., 3 views

USN-7128-1 pygments vulnerability

Sebastian Chnelik discovered that Pygments had an inefficient regex query for analyzing certain inputs. An attacker could possibly use this issue to cause a denial of service...

CVSS 5.5, AI score 5.8, EPSS 0.00069
Exploits: 1, References: 2

Microsoft CVE
added 2024/11/23 8:00 a.m., 1 views

Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization.

...

CVSS 8.7, AI score 6.3, EPSS 0.00067
Exploits: 0

Tenable Nessus
added 2024/11/23 12:00 a.m., 27 views

CBL Mariner 2.0 Security Update: nodejs / nodejs18 / reaper (CVE-2024-21538)

The version of nodejs / nodejs18 / reaper installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-21538 advisory. - Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are...

CVSS 8.7, AI score 6.4, EPSS 0.00067
Exploits: 0, References: 2

Snyk
added 2024/11/22 3:50 a.m., 4 views

Regular Expression Denial of Service (ReDoS)

Overview tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to inefficient cookie parsing that results in quadratic performance. An attacker...

CVSS 7.5, AI score 6.8, EPSS 0.0016
Exploits: 0, References: 2

SUSE CVE
added 2024/11/20 3:49 a.m., 1 views

SUSE CVE-2024-50304

In the Linux kernel, the following vulnerability has been resolved: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() The per-netns IP tunnel hash table is protected by the RTNL mutex and ip_tunnel_find() is only called from the control path where the mutex is taken. Add a lockdep...

CVSS 5.5, AI score 7.6, EPSS 0.00016
Exploits: 0, References: 15