741 matches found
Fedora 42 : ruby (2025-5805ed7a8f)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-5805ed7a8f advisory. - Upgrade to Ruby 3.4.7. - Fix URI Credential Leakage Bypass previous fixes. Resolves: CVE-2025-61594 - Fix REXML denial of service. Resolves:...
ROS-20251111-05
The vulnerability in the Ruby REXML XML toolkit is related to the fact that the application does not properly control the internal resource consumption when analyzing malformed XML code containing multiple XML declarations. Exploitation of the vulnerability could allow an attacker to cause a deni...
macOS 15.x < 15.7.2 Multiple Vulnerabilities (125635)
The remote host is running a version of macOS / Mac OS X that is 15.x prior to 15.7.2. It is, therefore, affected by multiple vulnerabilities: - A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe...
macOS 14.x < 14.8.2 Multiple Vulnerabilities (125636)
The remote host is running a version of macOS / Mac OS X that is 14.x prior to 14.8.2. It is, therefore, affected by multiple vulnerabilities: - There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This cou...
macOS 26.x < 26.1 Multiple Vulnerabilities (125634)
The remote host is running a version of macOS / Mac OS X that is 26.x prior to 26.1. It is, therefore, affected by multiple vulnerabilities: - A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1,...
Fedora 41 : ruby (2025-b10099f608)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-b10099f608 advisory. Upgrade to Ruby 3.3.10. CVE-2025-58767 ruby: REXML denial of service rhbz2396203 Tenable has extracted the preceding description block directly from...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Ruby vulnerabilities (USN-7840-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7840-1 advisory. It was discovered that the REXML module bunded into Ruby incorrectly handled parsing XML documents with repeated instances of...
USN-7840-1: Ruby vulnerabilities
It was discovered that the REXML module bunded into Ruby incorrectly handled parsing XML documents with repeated instances of certain characters. An attacker could possibly use this issue to cause REXML to consume excessive resources, leading to a denial of service. Ubuntu 18.04 LTS and Ubuntu...
USN-7840-1 ruby2.3, ruby2.5, ruby2.7 vulnerabilities
It was discovered that the REXML module bunded into Ruby incorrectly handled parsing XML documents with repeated instances of certain characters. An attacker could possibly use this issue to cause REXML to consume excessive resources, leading to a denial of service. Ubuntu 18.04 LTS and Ubuntu...
EUVD-2021-0797
Malware in sbrugna...
EUVD-2024-1802
Malicious code in bioql PyPI...
EUVD-2022-4143
Malicious code in bioql PyPI...
EUVD-2024-2644
Malicious code in bioql PyPI...
EUVD-2024-2501
Malicious code in bioql PyPI...
EUVD-2024-2251
Malicious code in bioql PyPI...
EUVD-2024-2910
Malicious code in bioql PyPI...
EUVD-2024-2666
Malicious code in bioql PyPI...
EUVD-2025-29746
Malicious code in bioql PyPI...
Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2025-1204)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1204 advisory. REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be...
Low: ruby3.2
Issue Overview: REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. The REXML gem 3.4.2 or later include the patches t...