Lucene search
+L

741 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Ruby 2.5

REXML is an XML toolkit for Ruby. The REXML gem before version 3.3.6 has a DoS vulnerability when it parses XMLs that contain many elements with the same local name attribute. If you need to parse untrusted XMLs using tree parser APIs like REXML::Document.new, you may be vulnerable to this...

5.9CVSS6.2AI score0.01205EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Ruby 2.5

The REXML gem before version 3.2.5 in Ruby, before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly handle XML round-trip issues. An incorrect document may be generated after parsing and serializing...

7.5CVSS6.8AI score0.05061EPSS
Exploits0References2
Oracle linux
Oracle linux
added 2026/05/19 12:0 a.m.25 views

ruby:3.3 security update

ruby 3.3.10-6 - Fix arbitrary code execution via deserialization bypass in ERB. CVE-2026-41316 Resolves: RHEL-171255 3.3.10-5 - Upgrade to Ruby 3.3.10. Resolves: RHEL-127912 - Fix possible denial of service in resolv gem CVE-2025-24294 - Fix URI Credential Leakage Bypass previous fixes...

8.1CVSS6.4AI score0.02364EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.24 views

Oracle Linux 9 : ruby:3.3 (ELSA-2026-18030)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18030 advisory. - Fix arbitrary code execution via deserialization bypass in ERB. CVE-2026-41316 Resolves: RHEL-171255 - Fix possible denial of service in resolv gem...

9.8CVSS7.3AI score0.02364EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.9 views

Unity Linux 20.1060e / 20.1070e Security Update: ruby (UTSA-2026-017613)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017613 advisory. The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can ...

7.5CVSS7.3AI score0.05061EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/17 11:15 p.m.2 views

ruby: REXML incomplete fix for CVE-2014-8080

The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service CPU and memory consumption a crafted XML document containing an empty string in an entity that is used in a large number of...

5CVSS6.7AI score0.056EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2026/04/17 11:15 p.m.2 views

ruby: XML round-trip vulnerability in REXML

A flaw was found in the way the Ruby REXML library parsed XML documents. Parsing a specially crafted XML document using REXML and writing parsed data back to a new XML document results in creating a document with a different structure. This issue could affect the integrity of processed data in...

7.5CVSS6.6AI score0.05061EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/17 11:15 p.m.2 views

ruby: entity expansion DoS vulnerability in REXML

lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service memory consumption and crash via crafted text nodes in an XML document, aka an XML Entity Expansion XEE attack...

5CVSS7.1AI score0.06671EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/04/09 12:37 p.m.1 views

ruby: REXML billion laughs attack via parameter entity expansion

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service memory consumption via a crafted XML document, aka an XML Entity Expansion XEE attack...

5CVSS6.7AI score0.05538EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/04/09 12:37 p.m.2 views

ruby: XML round-trip vulnerability in REXML

A flaw was found in the way the Ruby REXML library parsed XML documents. Parsing a specially crafted XML document using REXML and writing parsed data back to a new XML document results in creating a document with a different structure. This issue could affect the integrity of processed data in...

7.5CVSS6.6AI score0.05061EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/09 12:37 p.m.1 views

ruby: entity expansion DoS vulnerability in REXML

lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service memory consumption and crash via crafted text nodes in an XML document, aka an XML Entity Expansion XEE attack...

5CVSS7.1AI score0.06671EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/04/09 12:37 p.m.2 views

ruby: REXML incomplete fix for CVE-2014-8080

The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service CPU and memory consumption a crafted XML document containing an empty string in an entity that is used in a large number of...

5CVSS6.7AI score0.056EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2026/04/09 12:35 p.m.3 views

ruby: REXML incomplete fix for CVE-2014-8080

The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service CPU and memory consumption a crafted XML document containing an empty string in an entity that is used in a large number of...

5CVSS6.7AI score0.056EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2026/03/27 12:0 a.m.2 views

SUSE SLED15 / SLES15 Security Update : ruby2.5 (SUSE-SU-2026:1066-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1066-1 advisory. - CVE-2024-49761: ReDoS vulnerability in REXML gem bsc1232440 bsc1232441. - CVE-2025-58767: denial of service...

9.8CVSS7.4AI score0.01429EPSS
Exploits0References11
SUSE Linux
SUSE Linux
added 2026/03/26 10:38 a.m.3 views

Security update for ruby2.5

This update for ruby2.5 fixes the following issues: CVE-2024-49761: ReDoS vulnerability in REXML gem bsc1232440 bsc1232441. CVE-2025-58767: denial of service when parsing XML containing multiple XML declarations bsc1250016. CVE-2026-27820: insufficient checks in zstreambufferungets can lead to a...

8.8CVSS7.6AI score0.01429EPSS
Exploits0References14
OSV
OSV
added 2026/03/26 10:38 a.m.2 views

SUSE-SU-2026:1066-1 Security update for ruby2.5

This update for ruby2.5 fixes the following issues: - CVE-2024-49761: ReDoS vulnerability in REXML gem bsc1232440 bsc1232441. - CVE-2025-58767: denial of service when parsing XML containing multiple XML declarations bsc1250016. - CVE-2026-27820: insufficient checks in zstreambufferungets can lead...

9.8CVSS6.7AI score0.01429EPSS
Exploits0References8
OSV
OSV
added 2026/03/22 5:17 p.m.4 views

ROOT-OS-ALPINE-318-CVE-2024-41946 CVE-2024-41946 in rootio-ruby-rexml - Patched by Root

Root has patched CVE-2024-41946 in the rootio-ruby-rexml package for Root:Alpine:3.18. Multiple fixed versions available...

7.5CVSS7.6AI score0.01192EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.11 views

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2026-1324)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : URI is a module providing classes to handle Uniform Resource Identifiers. In versions prior to 0.12.5, 0.13.3, and 1.0.4, a bypass exists for the fi...

7.5CVSS6.5AI score0.0051EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.9 views

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2026-1350)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : URI is a module providing classes to handle Uniform Resource Identifiers. In versions prior to 0.12.5, 0.13.3, and 1.0.4, a bypass exists for the fi...

7.5CVSS6.5AI score0.0051EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/02/27 2:16 p.m.7 views

CVE-2025-10990

A flaw was found in REXML. A remote attacker could exploit inefficient regular expression regex parsing when processing hex numeric character references &x...; in XML documents. This could lead to a Regular Expression Denial of Service ReDoS, impacting the availability of the affected component...

7.5CVSS5.9AI score0.00468EPSS
Exploits0References5
Rows per page
Query Builder