CVE-2020-10199
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2)...
Moderate: Red Hat Security Advisory: python security update
An update for python is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
Prototype Pollution
Overview: sds is a structured data search package. Affected versions of this package are vulnerable to Prototype Pollution. The library could be tricked into adding or modifying properties of Object.prototype by abusing the set function located in js/set.js. PoC: var root = require("sds"); var...
RHEL 7 : python (RHSA-2020:1268)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1268 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
Huawei EulerOS: Security Advisory for python2 (EulerOS-SA-2020-1344)
The remote host is missing an update for the Huawei EulerOS python2 package announced in EulerOS-SA-2020-1344.
CVE-2018-18314
Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations...
CVE-2020-5289 Read permissions not enforced for client provided filter expressions in Elide http client
In Elide before 4.5.14, it is possible for an adversary to "guess and check" the value of a model field they do not have access to assuming they can read at least one other field in the model. The adversary can construct filter expressions for an inaccessible field to filter a collection. The...
GHSA-VQHP-CXGC-6WMM regular expression denial-of-service (ReDoS) in Bleach
Impact: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}). Patches: 3.1.4. Workarounds: d...
PYSEC-2020-340
In Mozilla Bleach before 3.1.4, bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS)...
openSUSE: Security Advisory for Recommended (openSUSE-SU-2020:0395-1)
The remote host is missing the openSUSE update announced in openSUSE-SU-2020:0395-1 (recommended update for ruby2.5).
Recommended update for ruby2.5 (important)
openSUSE Security Update: Recommended update for ruby2.5 Announcement ID: openSUSE-SU-2020:0395-1 Rating: important References: 1140844 1152990 1152992 1152994 1152995 1162396 1164804 Cross-References: CVE-2012-6708 CVE-2015-9251 CVE-2019-15845 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255...
Regular Expression Denial Of Service (ReDoS)
fecha is vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability is triggered when a user supplies a very long string as the dateStr parameter of the parse method in fecha.js, causing the process to hang for a very long time...
Huawei EulerOS: Security Advisory for python (EulerOS-SA-2020-1321)
The remote host is missing an update for the Huawei EulerOS python package announced in EulerOS-SA-2020-1321.
Prototype Pollution
Overview: utils-extend is a package to extend the Node.js util API. Affected versions of this package are vulnerable to Prototype Pollution. The extend method within utils-extend can be tricked into adding or modifying properties of Object.prototype. Note: CVE-2024-57077 is a duplicate of this...
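The sds and utils-extend entries above describe the same mechanism: a deep "set" or "extend" helper that walks attacker-supplied keys and, on a key such as `__proto__`, lands on Object.prototype instead of the target object. The block below is an added example, not code from either package: a minimal dotted-path setter with that flaw beside a hardened version. `unsafeSet`, `safeSet`, `UNSAFE_KEYS`, `demonstrate` and the attacker path are assumptions made for illustration.

```javascript
// Added example, not code from sds or utils-extend. Two versions of a deep
// "set by dotted path" helper of the kind both advisories describe.

// Keys that reach the shared prototype chain instead of the target object.
const UNSAFE_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Vulnerable: walks every segment of the path and descends through whatever
// it finds there. For "__proto__.isAdmin", cur["__proto__"] is
// Object.prototype, so the final assignment lands on every object in the
// process.
function unsafeSet(obj, path, value) {
  const keys = path.split(".");
  let cur = obj;
  for (let i = 0; i < keys.length - 1; i++) {
    const k = keys[i];
    if (typeof cur[k] !== "object" || cur[k] === null) cur[k] = {};
    cur = cur[k];
  }
  cur[keys[keys.length - 1]] = value;
  return obj;
}

// Hardened: refuses the three prototype-reaching keys outright, and only
// descends into properties the current object owns itself, never inherited
// ones. The same check belongs in any merge/extend/assign helper.
function safeSet(obj, path, value) {
  const keys = path.split(".");
  for (const k of keys) {
    if (UNSAFE_KEYS.has(k)) throw new TypeError(`refusing to set reserved key "${k}"`);
  }
  let cur = obj;
  for (let i = 0; i < keys.length - 1; i++) {
    const k = keys[i];
    const own = Object.prototype.hasOwnProperty.call(cur, k);
    if (!own || typeof cur[k] !== "object" || cur[k] === null) cur[k] = {};
    cur = cur[k];
  }
  cur[keys[keys.length - 1]] = value;
  return obj;
}

// Runs the attack against both helpers and reports what happened.
function demonstrate() {
  // Constructed attacker-controlled path, e.g. a key taken from a JSON body.
  const attackerPath = "__proto__.isAdmin";

  unsafeSet({}, attackerPath, true);
  const pollutedUnrelatedObject = ({}).isAdmin === true; // a brand-new object now "isAdmin"
  delete Object.prototype.isAdmin;                         // undo the pollution before the hardened run

  let blocked = false;
  try {
    safeSet({}, attackerPath, true);
  } catch (e) {
    blocked = e instanceof TypeError;
  }
  const stillClean = ({}).isAdmin === undefined;

  return { pollutedUnrelatedObject, blocked, stillClean };
}
```

`demonstrate()` returns `{ pollutedUnrelatedObject: true, blocked: true, stillClean: true }`: the naive helper makes an unrelated empty object report `isAdmin === true`, while the hardened one throws before touching anything. The denylist is applied to every path segment, so `a.__proto__.b` and `constructor.prototype.x` are refused as well, and the own-property check stops the walk from following inherited objects even if a new reserved name were ever added to the language.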
Huawei EulerOS: Security Advisory for python2 (EulerOS-SA-2020-1295)
The remote host is missing an update for the Huawei EulerOS python2 package announced in EulerOS-SA-2020-1295.
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2020-1296)
The remote host is missing an update for the Huawei EulerOS python3 package announced in EulerOS-SA-2020-1296.
EulerOS 2.0 SP5 : python (EulerOS-SA-2020-1321)
According to the version of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: - Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular...
EulerOS 2.0 SP8 : python3 (EulerOS-SA-2020-1296)
According to the version of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: - Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regula...
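The ReDoS entries above (Bleach's style-attribute parsing, fecha's parse, and the Python HTTP client issue) share one root cause: a backtracking regex with an ambiguous repetition applied to input an attacker controls. The block below is an added example, not code from fecha, Bleach or CPython: a constructed date-parsing pattern that has the ambiguity, a function that measures how its failed-match time grows with input length, and a hardened parser that gates on length first and uses a pattern the engine can only match one way. `AMBIGUOUS_DATE`, `STRICT_DATE`, `MAX_DATE_LEN`, `backtrackingGrowth` and the hostile input are assumptions made for illustration; `performance.now()` is the Node.js global (Node 16 and later).

```javascript
// Added example, not code from fecha, Bleach or CPython. The pattern below is
// constructed to show the bug class: a run of digits followed by an optional
// separator, repeated. It accepts "2020-03-30", "2020/03/30" and "20200330",
// but on a near-miss such as "11111111111111x" the engine tries every way of
// splitting the digit run between iterations of the outer group (2^(n-1) for
// n digits) before it can report failure.
const AMBIGUOUS_DATE = /^(\d+[-/.]?)+$/;

// Hardened pattern: fixed-width fields, one explicit separator, anchored at
// both ends. Each input character can be consumed in exactly one way, so
// matching is linear in the input length.
const STRICT_DATE = /^(\d{4})-(\d{2})-(\d{2})$/;
const MAX_DATE_LEN = 10; // length of "YYYY-MM-DD"; longer input is rejected before any regex runs

function matchesAmbiguous(dateStr) {
  return AMBIGUOUS_DATE.test(dateStr);
}

// Hardened parse: cheap length gate first, then the unambiguous regex, then
// range checks. Returns { year, month, day } or null.
function parseDateStrict(dateStr) {
  if (typeof dateStr !== "string" || dateStr.length > MAX_DATE_LEN) return null;
  const m = STRICT_DATE.exec(dateStr);
  if (m === null) return null;
  const [year, month, day] = m.slice(1).map(Number);
  if (month < 1 || month > 12 || day < 1 || day > 31) return null;
  return { year, month, day };
}

// Times one failed match per input size for both approaches. Each extra digit
// roughly doubles the ambiguous pattern's time; the strict parser stays flat
// because the length gate rejects the input before the regex is reached.
// Sizes are kept small so the demonstration finishes in well under a second.
function backtrackingGrowth(sizes = [14, 16, 18, 20]) {
  return sizes.map((n) => {
    const nearMiss = "1".repeat(n) + "x"; // constructed hostile input
    let t0 = performance.now();
    const ambiguousResult = matchesAmbiguous(nearMiss);
    const ambiguousMs = performance.now() - t0;
    t0 = performance.now();
    const strictResult = parseDateStrict(nearMiss);
    const strictMs = performance.now() - t0;
    return { n, ambiguousResult, ambiguousMs, strictResult, strictMs };
  });
}

console.table(backtrackingGrowth());
```

Running the block prints one row per input size; the `ambiguousMs` column roughly doubles with every two extra digits while `strictMs` stays near zero, which is the shape of the hang the fecha entry describes. The two mitigations are independent and both worth applying: reject over-long input before a regex ever sees it, and write patterns where adjacent quantifiers cannot overlap (explicit separators, fixed widths, no nested `+`/`*`).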