Important: Red Hat Security Advisory: java-1.8.0-ibm security update
An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898)
Vulnerability in the Java SE and Java SE Embedded products of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. This difficult-to-exploit vulnerability allows an unauthenticated attacker with network access via multiple...
Important: Red Hat Security Advisory: java-1.7.1-ibm security update
An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201)
Vulnerability in the Java SE and Java SE Embedded products of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. This easily exploitable vulnerability allows an unauthenticated attacker with network access via multipl...
Important: Red Hat Security Advisory: java-1.8.0-ibm security update
An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
RHEL 7 : java-1.7.1-ibm (RHSA-2020:2238)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities, as referenced in the RHSA-2020:2238 advisory. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IB...
RHEL 6 : java-1.7.1-ibm (RHSA-2020:2236)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities, as referenced in the RHSA-2020:2236 advisory. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IB...
RHEL 8 : java-1.8.0-ibm (RHSA-2020:2241)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities, as referenced in the RHSA-2020:2241 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE ...
RHEL 6 : java-1.8.0-ibm (RHSA-2020:2239)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities, as referenced in the RHSA-2020:2239 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE ...
Regular Expression Denial of Service (ReDoS)
Overview: urlregex is a dependency-free URL validator for Node and the browser. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). An attacker providing a very long string to String.test can cause a denial of service. PoC by Nick Baugh. For url-regex...
Regular Expression Denial of Service (ReDoS)
Overview: url-regex is a package providing a regular expression for matching URLs. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). An attacker providing a very long string to String.test can cause a denial of service. PoC by Nick Baugh. For the url-regex package:...
EL Expression Injection
hibernate-validator is vulnerable to EL Expression Injection. The vulnerability exists because the value of modType in the validation message is improperly evaluated with $...
GLSA-202005-09 : Python: Denial of service
The remote host is affected by the vulnerability described in GLSA-202005-09 (Python: Denial of service). An issue was discovered in urllib.request.AbstractBasicAuthHandler which allowed a remote attacker to send malicious data causing extensive regular expression backtracking. Impact: An attacker...
Regular Expression Denial Of Service (ReDoS)
hubot-help is vulnerable to regular expression denial of service (ReDoS). The attack is possible due to improper handling of user input during command name registration, where a regex containing wildcard characters triggers backtracking against the current set of registered commands and...
Denial Of Service (DoS)
perl is vulnerable to denial of service (DoS). A buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via ...
Denial Of Service (DoS)
perl is vulnerable to denial of service (DoS). A heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression wi...
DEBIAN-CVE-2020-10693
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place...
UBUNTU-CVE-2020-10693
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place...
squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow
A flaw was found in Squid through version 4.7. When handling the esi:when tag with ESI enabled, Squid calls the ESIExpression::Evaluate function, which uses a fixed-size stack buffer to hold the expression. While processing the expression, there is no check to ensure that the stack buffer won't overflow...
Apache Syncope Code Injection Vulnerability
Apache Syncope is an open source digital identity management system for enterprise environments from the Apache Software Foundation (United States). The system supports identity management, role configuration and more. A code injection vulnerability exists in Apache Syncope versions prior to...