
732 matches found

AlmaLinux
added 2025/12/10 12:0 a.m., 4 views

Moderate: ruby:3.3 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: resolv: Denial of Service in resolv gem (CVE-2025-24294); rexml: REXML denial of service (CVE-2025-58767). For more details about the...

CVSS 7.5, AI score 6.5, EPSS 0.00539
Exploits 0, References 7

AlmaLinux
added 2025/12/10 12:0 a.m., 5 views

Moderate: ruby:3.3 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: resolv: Denial of Service in resolv gem (CVE-2025-24294); rexml: REXML denial of service (CVE-2025-58767). For more details about the...

CVSS 7.5, AI score 6.5, EPSS 0.00539
Exploits 0, References 7

OSV
added 2025/12/10 12:0 a.m., 2 views

ALSA-2025:23063 Moderate: ruby:3.3 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: resolv: Denial of Service in resolv gem (CVE-2025-24294); rexml: REXML denial of service (CVE-2025-58767). For more details about the...

CVSS 7.5, AI score 6.4, EPSS 0.00539
Exploits 0, References 7

UbuntuCve
added 2025/12/09 4:18 p.m., 4 views

CVE-2025-66567

The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypass vulnerability due to an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, generating entirely different...

CVSS 9.3, AI score 7.3, EPSS 0.00383
Exploits 0, References 4

OSV
added 2025/12/09 4:18 p.m., 1 view

UBUNTU-CVE-2025-66567

The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypass vulnerability due to an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, generating entirely different...

CVSS 9.3, AI score 5.9, EPSS 0.00383
Exploits 0, References 5

OSV
added 2025/12/09 1:55 a.m., 4 views

CVE-2025-66567 ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)

The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypass vulnerability due to an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, generating entirely different...

CVSS 9.3, AI score 9.4, EPSS 0.00383
Exploits 0, References 5

OSV
added 2025/12/08 9:30 p.m., 3 views

GHSA-9V8J-X534-2FX3 Ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)

Summary: In Ruby-saml up to and including 1.12.4, there is an authentication bypass vulnerability because of an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different document structures from the same XML input. That allows an attacker...

CVSS 9.3, AI score 7.2, EPSS 0.00383
Exploits 0, References 6

OSV
added 2025/11/26 3:52 p.m., 2 views

SUSE-SU-2025:4264-1 Security update for ruby2.5

This update for ruby2.5 fixes the following issues:
- CVE-2024-35221: Fixed remote DoS via YAML manifest bsc1225905
- CVE-2024-47220: Fixed HTTP request smuggling in WEBrick bsc1230930
- CVE-2024-49761: Fixed ReDOS vulnerability by updating REXML to 3.3.9 bsc1232440
- CVE-2025-24294: Fixed denial...

CVSS 8.7, AI score 7, EPSS 0.01429
Exploits 0, References 18

CBLMariner
added 2025/11/14 10:3 p.m., 3 views

CVE-2025-58767 affecting package rubygem-rexml for versions less than 3.3.9-2

CVE-2025-58767 affecting package rubygem-rexml for versions less than 3.3.9-2. A patched version of the package is available...

CVSS 5.3, AI score 6.9, EPSS 0.00231
Exploits 0

OSV
added 2025/11/14 12:38 p.m., 2 views

OESA-2025-2655 ruby security update

Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text files and performing system management tasks such as Perl. Security Fixes: REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability wh...

CVSS 7.5, AI score 6.9, EPSS 0.0051
Exploits 0, References 3

Tenable Nessus
added 2025/11/12 12:0 a.m., 5 views

Fedora 42 : ruby (2025-5805ed7a8f)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-5805ed7a8f advisory.
- Upgrade to Ruby 3.4.7.
- Fix URI Credential Leakage Bypass previous fixes. Resolves: CVE-2025-61594
- Fix REXML denial of service. Resolves:...

CVSS 7.5, AI score 7.1, EPSS 0.0051
Exploits 0, References 3

Redos
added 2025/11/11 12:0 a.m., 5 views

ROS-20251111-05

The vulnerability in the Ruby REXML XML toolkit is related to the fact that the application does not properly control the internal resource consumption when analyzing malformed XML code containing multiple XML declarations. Exploitation of the vulnerability could allow an attacker to cause a deni...

CVSS 5.3, AI score 6, EPSS 0.00231
Exploits 0

Tenable Nessus
added 2025/11/04 12:0 a.m., 4 views

macOS 15.x < 15.7.2 Multiple Vulnerabilities (125635)

The remote host is running a version of macOS / Mac OS X that is 15.x prior to 15.7.2. It is, therefore, affected by multiple vulnerabilities: - A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe...

CVSS 9.8, AI score 7, EPSS 0.01429
Exploits 4, References 62

Tenable Nessus
added 2025/11/03 12:0 a.m., 13 views

macOS 26.x < 26.1 Multiple Vulnerabilities (125634)

The remote host is running a version of macOS / Mac OS X that is 26.x prior to 26.1. It is, therefore, affected by multiple vulnerabilities: - A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1,...

CVSS 9.8, AI score 7.5, EPSS 0.03239
Exploits 17, References 115

Tenable Nessus
added 2025/11/03 12:0 a.m., 6 views

macOS 14.x < 14.8.2 Multiple Vulnerabilities (125636)

The remote host is running a version of macOS / Mac OS X that is 14.x prior to 14.8.2. It is, therefore, affected by multiple vulnerabilities: - There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This cou...

CVSS 9.8, AI score 6.9, EPSS 0.73495
Exploits 7, References 52

Tenable Nessus
added 2025/11/01 12:0 a.m., 3 views

Fedora 41 : ruby (2025-b10099f608)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-b10099f608 advisory. Upgrade to Ruby 3.3.10. CVE-2025-58767 ruby: REXML denial of service rhbz2396203 Tenable has extracted the preceding description block directly from...

CVSS 5.3, AI score 7, EPSS 0.00231
Exploits 0, References 2

Tenable Nessus
added 2025/10/28 12:0 a.m., 5 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Ruby vulnerabilities (USN-7840-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7840-1 advisory. It was discovered that the REXML module bundled into Ruby incorrectly handled parsing XML documents with repeated instances of...

CVSS 7.5, AI score 6.8, EPSS 0.02064
Exploits 1, References 7

OSV
added 2025/10/27 2:39 p.m., 5 views

USN-7840-1 ruby2.3, ruby2.5, ruby2.7 vulnerabilities

It was discovered that the REXML module bundled into Ruby incorrectly handled parsing XML documents with repeated instances of certain characters. An attacker could possibly use this issue to cause REXML to consume excessive resources, leading to a denial of service. Ubuntu 18.04 LTS and Ubuntu...

CVSS 7.5, AI score 6.7, EPSS 0.02064
Exploits 1, References 7

Ubuntu
added 2025/10/27 2:39 p.m., 6 views

USN-7840-1: Ruby vulnerabilities

It was discovered that the REXML module bundled into Ruby incorrectly handled parsing XML documents with repeated instances of certain characters. An attacker could possibly use this issue to cause REXML to consume excessive resources, leading to a denial of service. Ubuntu 18.04 LTS and Ubuntu...

CVSS 7.5, AI score 6.7, EPSS 0.02064
Exploits 1

EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2021-0797

Malware in sbrugna...

CVSS 7.5, AI score 6.5, EPSS 0.05061
Exploits 0, References 34