CVE-2022-34428

Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service...

Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin.

...

PT-2022-7237 · Unknown · Jquery-Validation

Name of the Vulnerable Software and Affected Versions: jquery-validation versions prior to 1.19.5 Description: The issue is related to the incorrect handling of regular expressions in the url2 method of the jQuery Validation Plugin, which can lead to a denial of service when an attacker supplies...

RHEL 8 : python27:2.7 (RHSA-2022:1821)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1821 advisory. Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic...

CentOS 8 : python27:2.7 (CESA-2022:1821)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:1821 advisory. - python: urllib: Regular expression DoS in AbstractBasicAuthHandler CVE-2021-3733 - python: urllib: HTTP client possible infinite loop on a 100 Contin...

UBUNTU-CVE-2022-29167

Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse Host HTTP...

CVE-2022-29167 ReDoS vulnerability in header parsing in hawk

Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse Host HTTP...

CVE-2022-29167 ReDoS vulnerability in header parsing in hawk

Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse Host HTTP...

FreeBSD : Gitlab -- Multiple Vulnerabilities (b299417a-5725-11ec-a587-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b299417a-5725-11ec-a587-001b217b3468 advisory. - Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4...

CentOS 8 : python39:3.9 and python39-devel:3.9 (CESA-2021:4160)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4160 advisory. - python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS CVE-2021-28957 - python-ipaddress: Improper input validation ...

RHEL 8 : python-pillow (RHSA-2021:4149)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:4149 advisory. The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal...

RHEL 8 : python39:3.9 and python39-devel:3.9 (RHSA-2021:4160)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4160 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

CentOS 8 : python-pillow (CESA-2021:4149)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2021:4149 advisory. - python-pillow: Buffer over-read in PCX image reader CVE-2020-35653 - python-pillow: Buffer over-read in SGI RLE image reader CVE-2020-35655 -...

Moderate: python39:3.9 and python39-devel:3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

python39:3.9 and python39-devel:3.9 security update

An update is available for python-more-itertools, pytest, python-psycopg2, python-lxml, python-PyMySQL, python3x-six, python-toml, python-urllib3, PyYAML, python-attrs, python-iniconfig, python-requests, modwsgi, python3x-pip, python-py, python-chardet, python-pluggy, Cython, python-psutil,...

ALSA-2021:4160 Moderate: python39:3.9 and python39-devel:3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

Moderate: Red Hat Security Advisory: python3 security update

An update for python3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Oracle Linux 8 : python3 (ELSA-2021-4057)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-4057 advisory. 3.6.8-39.0.1 - Add Oracle Linux distribution in platform.py Orabug: 20812544 3.6.8-39 - Security fix for CVE-2021-3733: Denial of service when identifying craft...

CentOS 8 : nodejs:14 (CESA-2021:3074)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:3074 advisory. - libuv: out-of-bounds read in uvidnatoascii can lead to information disclosures or crashes CVE-2021-22918 - nodejs-hosted-git-info: Regular Expression...

CentOS 8 : nodejs:12 (CESA-2021:3073)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:3073 advisory. - libuv: out-of-bounds read in uvidnatoascii can lead to information disclosures or crashes CVE-2021-22918 - nodejs-hosted-git-info: Regular Expression...