file, python security update
CentOS Errata and Security Advisory CESA-2015:2155 Updated file packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS...
Oracle: Security Advisory (ELSA-2015-2155)
The remote host is missing an update for the...
Oracle Linux 7 : file (ELSA-2015-2155)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-2155 advisory. - fix CVE-2014-8116 - bump the acceptable ELF program headers count to 2048 - fix CVE-2014-0207 - cdfreadshortsector insufficient boundary check - fix...
Regular Expression Denial of Service
Overview Versions of millisecond prior to 0.1.2 are affected by a regular expression denial of service vulnerability when extremely long version strings are parsed. Proof of concept var ms = require'millisecond'; var genstr = function len, chr var result = ""; for i=0; i=len; i++ result = result ...
netcf: augeas path expression injection via interface name
A denial of service flaw was found in netcf. A specially crafted interface name could cause an application using netcf such as the libvirt daemon to crash...
Low: Red Hat Security Advisory: grep security and bug fix update
Updated grep packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Moderate: Red Hat Bug Fix Advisory: pcre bug fix update
Updated pcre packages that fix several bugs are now available for Red Hat Enterprise Linux 7. PCRE is a Perl-compatible regular expression library. This update fixes the following bugs: Previously, non-matched groups within capturing groups up to a forced match were not being properly reset by...
CVE-2007-2026
The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported fo...
CVE-2009-3626
Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match...
CVE-2009-0819
sql/itemxmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue or UpdateXML," which triggers an assertion failure...
Regular Expression Denial of Service
Overview Versions of moment prior to 2.11.2 are affected by a regular expression denial of service vulnerability. The vulnerability is triggered when arbitrary user input is passed into moment.duration. Proof of concept var moment = require'moment'; var genstr = function len, chr var result = "";...
Regular Expression Denial of Service
Overview The jshamcrest package is affected by a regular expression denial of service vulnerability when certain types of user input are passed in to the emailAddress validator. Proof of concept var js = require'jshamcrest' var emailAddress = new js.JsHamcrest.Matchers.emailAddress; var genstr =...
Regular Expression Denial of Service
Overview The jadedown package is affected by a regular expression denial of service vulnerability when certain types of user input are passed in. Proof of concept var jadedown = require'jadedown'; var genstr = function len, chr var result = ""; for i=0; i=len; i++ result = result + chr; return...
Regular Expression Denial of Service
Overview The ansi2html package is affected by a regular expression denial of service vulnerability when certain types of user input are passed in. Proof of concept var ansi2html = require'ansi2html' var start = process.hrtime; ansi2html"1111111111111111111111;0000000000000000000000";...
Regular Expression Denial of Service
Overview Versions of uglify-js prior to 2.6.0 are affected by a regular expression denial of service vulnerability when malicious inputs are passed into the parse method. Proof of Concept var u = require'uglify-js'; var genstr = function len, chr var result = ""; for i=0; i=len; i++ result = resu...
Regular Expression Denial of Service
Overview All versions of the bleach package are vulnerable to a regular expression denial of service attack when certain types of input are passed into the sanitize function. Recommendation The bleach package is not currently maintained, and has not seen an update since 2014. To mitigate this...
Regular Expression Denial of Service
Overview Versions of ms prior to 0.7.1 are affected by a regular expression denial of service vulnerability when extremely long version strings are parsed. Proof of Concept javascript var ms = require'ms'; var genstr = function len, chr var result = ""; for i=0; i=len; i++ result = result + chr;...
SUSE SLED11 / SLES11 Security Update : icu (SUSE-SU-2015:1790-1)
icu was updated to fix one security issue. This security issue was fixed : - CVE-2014-9654: Insufficient size limit checks in regular expression compiler bsc917129. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable h...
Regular Expression Denial of Service
Overview Versions 0.3.3 and earlier of marked are affected by a regular expression denial of service (ReDoS) vulnerability when passed inputs that reach the em inline rule. Recommendation Update to version 0.3.4 or later. References - Regular Expression Denial of Service - OWASP - Issue 497 - GitHu...
Regular Expression Denial of Service
Overview Versions of validator prior to 3.22.1 are affected by a regular expression denial of service vulnerability in the isURL method. Recommendation Update to version 3.22.1 or later. References - Issue 152, Comment 48107184 - GitHub Advisory...