Lucene search
K

3338 matches found

Hacker One
Hacker One
added 2024/04/03 9:25 p.m.36 views

Internet Bug Bounty: [CVE-2024-26142] ReDoS vulnerability in Accept header parsing in Action Dispatch

A ReDoS vulnerability was discovered in the Accept header parsing in Action Dispatch. The vulnerability was assigned the CVE identifier CVE-2024-26142. Affected versions were 7.1.0 to 7.1.3, while versions prior to 7.1.0 and 7.1.3.1 and later were not affected. The vulnerability was reported and ...

7.5CVSS6.3AI score0.01498EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/04/03 12:0 a.m.50 views

AlmaLinux 9 : ruby:3.1 (ALSA-2024:1576)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1576 advisory. ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: ReDoS vulnerability in URI CVE-2023-28755 ruby: ReDoS vulnerability - upstream's...

8.8CVSS7.8AI score0.02637EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2024/04/02 12:0 a.m.46 views

Oracle Linux 9 : ruby:3.1 (ELSA-2024-1576)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1576 advisory. ruby 3.1.4-143 - Upgrade to Ruby 3.1.4. Resolves: RHEL-5586 - Fix HTTP response splitting in CGI. Resolves: RHEL-5591 - Fix ReDos vulnerability in URI...

8.8CVSS7.9AI score0.02637EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2024/04/01 1:31 a.m.6 views

rubygem-uri: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755

A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This issue may result in a regular expression denial of service ReDoS...

5.3CVSS7.5AI score0.02637EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/04/01 1:31 a.m.3 views

ruby: ReDoS vulnerability in URI

A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This may result in a regular expression denial of service ReDoS...

5.3CVSS7.5AI score0.02637EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/04/01 1:31 a.m.47 views

Moderate: Red Hat Security Advisory: ruby:3.1 security, bug fix, and enhancement update

An update for the ruby:3.1 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.8CVSS7.1AI score0.02637EPSS
Exploits1References5
AlmaLinux
AlmaLinux
added 2024/04/01 12:0 a.m.43 views

Moderate: ruby:3.1 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.1. AlmaLinux-29052 Security Fixes: ruby/cgi-gem: HTTP response...

8.8CVSS7.1AI score0.02637EPSS
Exploits1References10
OSV
OSV
added 2024/04/01 12:0 a.m.38 views

ALSA-2024:1576 Moderate: ruby:3.1 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.1. AlmaLinux-29052 Security Fixes: ruby/cgi-gem: HTTP response...

8.8CVSS8.1AI score0.02637EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2024/04/01 12:0 a.m.36 views

RHEL 9 : ruby:3.1 (RHSA-2024:1576)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1576 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

8.8CVSS7.9AI score0.02637EPSS
Exploits1References11
Veracode
Veracode
added 2024/03/29 6:54 a.m.47 views

Regular Expression Denial Of Service (ReDoS)

angular is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient regular expression backtracking in the ng-srcset directive. This potentially leads to Regular Expression Denial of Service ReDoS...

7.5CVSS6.6AI score0.01891EPSS
Exploits1References3Affected Software2
Rockylinux
Rockylinux
added 2024/03/27 4:34 a.m.42 views

ruby:3.1 security, bug fix, and enhancement update

An update is available for module.rubygem-abrt, rubygem-mysql2, module.rubygem-pg, ruby, module.rubygem-mysql2, rubygem-abrt, module.ruby, rubygem-pg. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

8.8CVSS7.2AI score0.02637EPSS
Exploits1
OSV
OSV
added 2024/03/27 4:34 a.m.38 views

RLSA-2024:1431 Moderate: ruby:3.1 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.1. Rocky Linux-28565 Security Fixes: ruby/cgi-gem: HTTP response...

8.8CVSS8.1AI score0.02637EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2024/03/27 12:0 a.m.18 views

Fedora 38 : python-pygments (2024-8eaf80107a)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-8eaf80107a advisory. Security fix for CVE-2022-40896 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

5.5CVSS6.4AI score0.00503EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/03/22 12:0 a.m.28 views

Debian dla-3768 : python-pil - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3768 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3768-1 [email protected]...

9.8CVSS6.8AI score0.03399EPSS
Exploits1References8
Veracode
Veracode
added 2024/03/21 4:22 a.m.20 views

Regular Expression Denial Of Service (ReDoS)

django-wiki is vulnerable to Regular Expression Denial Of Service ReDoS. This vulnerability is due to improper input validation, allowing maliciously crafted article content to cause severe CPU usage through a regular expression loop, which results in a Denial of Service DoS condition...

7.5CVSS6.7AI score0.00605EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/03/21 12:0 a.m.25 views

Oracle Linux 8 : ruby:3.1 (ELSA-2024-1431)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1431 advisory. ruby 3.1.4-142 - Upgrade to Ruby 3.1.4. Resolves: RHEL-28565 - Fix HTTP response splitting in CGI. Resolves: RHEL-28564 - Fix ReDos vulnerability in UR...

8.8CVSS7.9AI score0.02637EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2024/03/21 12:0 a.m.39 views

AlmaLinux 8 : ruby:3.1 (ALSA-2024:1431)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1431 advisory. ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: ReDoS vulnerability in URI CVE-2023-28755 ruby: ReDoS vulnerability - upstream's...

8.8CVSS7.8AI score0.02637EPSS
Exploits1References5
Oracle linux
Oracle linux
added 2024/03/20 12:0 a.m.48 views

ruby:3.1 security, bug fix, and enhancement update

ruby 3.1.4-142 - Upgrade to Ruby 3.1.4. Resolves: RHEL-28565 - Fix HTTP response splitting in CGI. Resolves: RHEL-28564 - Fix ReDos vulnerability in URI. Resolves: RHEL-28567 Resolves: RHEL-28576 - Fix ReDos vulnerability in Time. Resolves: RHEL-28566 - Make RDoc soft dependency in IRB. Resolves:...

8.8CVSS7.3AI score0.02637EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2024/03/19 6:46 p.m.4 views

ruby: ReDoS vulnerability in Time

A flaw was found in the Time gem and Time library of Ruby. The Time parser mishandles invalid strings with specific characters and causes an increase in execution time for parsing strings to Time objects. This issue may result in a Regular expression denial of service ReDoS...

5.3CVSS7.5AI score0.02452EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/03/19 6:46 p.m.4 views

rubygem-uri: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755

A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This issue may result in a regular expression denial of service ReDoS...

5.3CVSS7.5AI score0.02637EPSS
Exploits0References5
Rows per page
Query Builder