117 matches found

RedHat Linux
added 2021/04/21 1:15 p.m., 2 views

netty: compression/decompression codecs don't enforce limits on buffer allocation sizes

A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool...

7.5 CVSS, 7.3 AI score, 0.04327 EPSS
Exploits: 0, References: 4

OSV
added 2021/02/01 8:15 p.m., 2 views

ALPINE-CVE-2020-28493

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the _punctuation_re regex operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to...

5.3 CVSS, 6.9 AI score, 0.00207 EPSS
Exploits: 1, References: 1

OSV
added 2021/02/01 8:15 p.m., 1 view

AZL-40857 CVE-2020-28493 affecting package nodejs for versions less than 20.14.0-1

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the _punctuation_re regex operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to...

5.3 CVSS, 6.7 AI score, 0.00207 EPSS
Exploits: 1, References: 1

OSV
added 2021/02/01 8:15 p.m., 2 views

PYSEC-2021-66

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the _punctuation_re regex operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to...

5.3 CVSS, 7.2 AI score, 0.00207 EPSS
Exploits: 1, References: 5

OSV
added 2021/02/01 8:15 p.m., 1 view

UBUNTU-CVE-2020-28493

This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the _punctuation_re regex operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to...

5.3 CVSS, 6.8 AI score, 0.00207 EPSS
Exploits: 1, References: 8

CVE
added 2021/02/01 7:30 p.m., 345 views

CVE-2020-28493

CVE-2020-28493 affects jinja2 up to version 2.11.3 (inclusive of 0.0.0 to before 2.11.3). The root cause is a Denial of Service likely caused by the regex in the _punctuation_re used by the urlize filter, leading to excessive CPU on crafted input. Public documents identify this ReDoS vulnerabilit...

5.3 CVSS, 6.2 AI score, 0.00207 EPSS
Exploits: 1, References: 5, Affected Software: 1

RedHat Linux
added 2020/12/16 12:11 p.m., 2 views

netty: compression/decompression codecs don't enforce limits on buffer allocation sizes

A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool...

7.5 CVSS, 7.3 AI score, 0.04327 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2020/10/14 11:16 a.m., 2 views

netty: compression/decompression codecs don't enforce limits on buffer allocation sizes

A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool...

7.5 CVSS, 7.3 AI score, 0.04327 EPSS
Exploits: 0, References: 4

Snyk
added 2020/09/25 5:29 p.m., 1 view

Regular Expression Denial of Service (ReDoS)

Overview: Jinja2 is a template engine written in pure Python. It provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). The ReDoS vulnerability ...

7.5 CVSS, 9.3 AI score, 0.00207 EPSS
Exploits: 1, References: 2

RedHat Linux
added 2020/08/18 4:34 p.m., 1 view

netty: compression/decompression codecs don't enforce limits on buffer allocation sizes

A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool...

7.5 CVSS, 7.3 AI score, 0.04327 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2020/07/29 6:6 a.m., 1 view

netty: compression/decompression codecs don't enforce limits on buffer allocation sizes

A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool...

7.5 CVSS, 7.3 AI score, 0.04327 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2020/04/30 1:52 p.m., 1 view

netty: compression/decompression codecs don't enforce limits on buffer allocation sizes

A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool...

7.5 CVSS, 7.3 AI score, 0.04327 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2020/04/22 12:8 p.m., 0 views

netty: compression/decompression codecs don't enforce limits on buffer allocation sizes

A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool...

7.5 CVSS, 7.3 AI score, 0.04327 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2019/08/14 12:0 a.m., 57 views

Debian DLA-1884-1 : linux security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-18509 Denis Andzakovic reported a missing type check in the IPv4 multicast routing implementation. A user with the CAP_NET_ADMIN capability in a...

9.3 CVSS, 7.4 AI score, 0.19224 EPSS
Exploits: 6, References: 11

Oracle linux
added 2019/06/17 12:0 a.m., 350 views

Unbreakable Enterprise kernel security update

4.1.12-124.28.3 - Add CVE numbers for CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 Chuck Anderson Orabug: 29890820 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 - tcp: fix fackcount accounting on tcpshiftskbdata Joao Martins Orabug: 29890820 - tcp:...

7.8 CVSS, 1.5 AI score, 0.74296 EPSS
Exploits: 4

The Hacker News
added 2018/09/26 12:14 p.m., 1 view

New Linux Kernel Bug Affects Red Hat, CentOS, and Debian Distributions

Security researchers have published the details and proof-of-concept (PoC) exploits of an integer overflow vulnerability in the Linux kernel that could allow an unprivileged user to gain superuser access to the targeted system. The vulnerability, discovered by cloud-based security and compliance...

7.8 CVSS, 7.6 AI score, 0.20572 EPSS
Exploits: 6

Oracle linux
added 2018/08/14 12:0 a.m., 115 views

Unbreakable Enterprise kernel security update

4.14.35-1818.1.6 - ipv4: frags: handle possible skb truesize change Eric Dumazet Orabug: 28481663 CVE-2018-5391 4.14.35-1818.1.5 - inet: frag: enforce memory limits earlier Eric Dumazet Orabug: 28481663 CVE-2018-5391 - init/main.c: reorder bootcpustateinit/smppreparebootcpu Mihai Carabas Orabug:...

7.8 CVSS, 7.7 AI score, 0.1116 EPSS
Exploits: 0

RedHat Linux
added 2018/03/07 4:48 p.m., 728 views

RHEL7.4: Linux NFS server's DRC memory limits can cause NFS client mount command hangs with repeated CREATE_SESSION / NFS4ERR_DELAY

No description provided...

0.6 AI score
Exploits: 0

Kitploit
added 2018/02/07 5:58 p.m., 16 views

Kali Linux 2018.1 Release - The Best Penetration Testing Distribution

Kali Linux 2018.1 the first release of 2018, this fine release contains all updated packages and bug fixes since our 2017.3 release last November. This release wasn’t without its challenges–from the Meltdown and Spectre excitement (patches will be in the 4.15 kernel) to a couple of other nasty bugs...

6.8 AI score
Exploits: 0, References: 2

Tenable Nessus
added 2017/05/31 12:0 a.m., 40 views

SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2017:1445-1)

This update for java-1_8_0-openjdk fixes the following issues: - Upgrade to version jdk8u131 icedtea 3.4.0 - bsc#1034849 - Security fixes - S8163520, CVE-2017-3509: Reuse cache entries - S8163528, CVE-2017-3511: Better library loading - S8165626, CVE-2017-3512: Improved window framing - S8167110,...

8.3 CVSS, 6.9 AI score, 0.03192 EPSS
Exploits: 2, References: 19