CVE-2024-52804
The CVE-2024-52804 issue affects Tornado prior to 6.4.2, where the HTTP cookie parsing algorithm can exhibit quadratic complexity, causing high CPU usage in the event loop and potential DoS. The documented fix is upgrading to Tornado 6.4.2. Connected advisories also reference mitigation in packag...
RUSTSEC-2024-0379 Multiple soundness issues
fast-float contains multiple soundness issues: 1. Undefined behavior when checking input length, which has been merged but no package published. 2. Many functions marked as safe with non-local safety guarantees. The library is also unmaintained. Alternatives: For quickly parsing floating-point numbe...
Updated jupyter-notebook packages fix security vulnerabilities
Path traversal in moment.locale. CVE-2022-24785 Inefficient parsing algorithm resulting in DoS. CVE-2022-31129...
SUSE SLES15 Security Update : release-notes-susemanager, release-notes-susemanager-proxy (SUSE-SU-2022:3761-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3761-1 advisory. - drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly...
SUSE SLES15 Security Update : SUSE Manager Proxy 4.3 (SUSE-SU-2022:3750-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3750-1 advisory. - The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a...
RHEL 9 : Red Hat Ceph Storage 6.1 (RHSA-2023:3623)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3623 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system...
RHEL 7 : Red Hat Gluster Storage web-admin-build (RHSA-2023:1486)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1486 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Django is a high-level Python...
Moderate: Red Hat Security Advisory: RHOSDT 2.6.0 operator/operand containers Security Update
An update is now available for Red Hat OpenShift distributed tracing 2.6.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...
RHEL 8 : Red Hat OpenShift Service Mesh 2.0.11 (RHSA-2022:6272)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:6272 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift...
RHEL 8 : Red Hat OpenShift Service Mesh 2.1.5 (RHSA-2022:6277)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6277 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift...
CVE-2022-31129
moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has...
CVE-2022-31129 Inefficient Regular Expression Complexity in moment
moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has...
Mail.ru: XSS in the email body.
XSS via a malcrafted HTML "rel" attribute. As a temporary workaround, the rel attribute was disabled on the day of reporting. The final solution fixes the parsing algorithm for rel attributes...