12 matches found
Debian: Security Advisory (DLA-3902-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 40 : rubygem-rails-html-sanitizer (2023-91e69ea326)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-91e69ea326 advisory. Automatic update for rubygem-rails-html-sanitizer-1.6.0-1.fc40. Changelog Thu Nov 23 2023 Vt Ondruch - 1.6.0-1 - Update to rails-html-sanitizer 1.6....
SUSE SLES15: ruby2.5-rubygem-rails-html-sanitizer / etc (SUSE-SU-2023:3714-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3714-1 advisory. - CVE-2022-23517: Fixed inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize...
Debian: Security Advisory (DLA-3566-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3566-1] ruby-rails-html-sanitizer security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3566-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler September 13, 2023 https://wiki.debian.org/LTS -...
Satellite 6.13 Release
An update is available for libdb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Rocky Enterprise Software Foundation Satellite is a systems management tool for...
Rocky Linux 8 : Satellite 6.13 Release (Important) (RLSA-2023:2097)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2097 advisory. - SnakeYaml's Constructor class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an...
CVE-2022-23518
creationtimestamp| type| source ---|---|--- 2022-12-14 20:23:16+00:00| seen| https://t.me/cibsecurity/54540...
CVE-2022-23518
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions = 1.0.3, = 2.1.0. This issue is patched in version 1.4.4...
CVE-2022-23518
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions = 1.0.3, = 2.1.0. This issue is patched in version 1.4.4...
CVE-2022-23518 Improper neutralization of data URIs allows XSS in rails-html-sanitizer
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions = 1.0.3, = 2.1.0. This issue is patched in version 1.4.4...
CVE-2022-23518
The CVE-2022-23518 entry concerns rails-html-sanitizer, a Ruby/Rails HTML sanitizer. Multiple connected advisories confirm that versions 1.0.3 through 1.4.3 are vulnerable to cross-site scripting via data URIs when used with Loofah ≥ 2.1.0, with the issue described as an improper neutralization o...