42 matches found
ROOT-OS-ALPINE-318-CVE-2024-41946 CVE-2024-41946 in rootio-ruby-rexml - Patched by Root
Root has patched CVE-2024-41946 in the rootio-ruby-rexml package for Root:Alpine:3.18. Multiple fixed versions available...
Azure Linux 3.0 Security Update: ruby / rubygem-rexml (CVE-2024-41946)
The version of ruby / rubygem-rexml installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-41946 advisory. - REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses a...
Azure Linux 3.0 Security Update: ruby / rubygem-rexml (CVE-2024-49761)
The version of ruby / rubygem-rexml installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49761 advisory. - REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it...
ROS-20251111-05
The vulnerability in the Ruby REXML XML toolkit is related to the fact that the application does not properly control the internal resource consumption when analyzing malformed XML code containing multiple XML declarations. Exploitation of the vulnerability could allow an attacker to cause a deni...
macOS 26.x < 26.1 Multiple Vulnerabilities (125634)
The remote host is running a version of macOS / Mac OS X that is 26.x prior to 26.1. It is, therefore, affected by multiple vulnerabilities: - The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26.1. An app may be able to cause unexpected system termination ...
USN-7840-1 ruby2.3, ruby2.5, ruby2.7 vulnerabilities
It was discovered that the REXML module bundled into Ruby incorrectly handled parsing XML documents with repeated instances of certain characters. An attacker could possibly use this issue to cause REXML to consume excessive resources, leading to a denial of service. Ubuntu 18.04 LTS and Ubuntu...
Ruby REXML 3.3.3 < 3.4.2 DoS vulnerability
The version of the REXML Ruby library installed on the remote host is 3.3.3 prior to 3.4.2. It is, therefore, affected by a DoS vulnerability as referenced in the GHSA-c2f4-jgmc-q2r5 advisory. - REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing...
AZL-67614 CVE-2025-58767 affecting package rubygem-rexml for versions less than 3.3.9-2
REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted by these vulnerabilities. The REXML gem 3.4.2 or later includes the patches to fix these...
rexml: REXML ReDoS vulnerability
A flaw was found in the REXML XML toolkit for Ruby. Parsing XML data containing a large number of digits between &# and x...; in a hex numeric character reference (&#x...;) can trigger a regular expression denial of service (ReDoS) condition, leading to a denial of service...
RockyLinux 9 : ruby:3.1 (RLSA-2025:4488)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:4488 advisory. rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace...
Azure Linux 3.0 Security Update: ruby (CVE-2024-43398)
The version of ruby installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43398 advisory. - REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML tha...
Security Bulletin: Vulnerability in HAProxy (CVE-2023-45539) affects IBM Watson CP4D Data Stores
Summary A potential sensitive information disclosure vulnerability CVE-2023-45539 has been identified related to HAProxy that may affect IBM Watson CP4D Data Stores. This vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-45539...
Linux Distros Unpatched Vulnerability : CVE-2014-8090
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial ...
Security Bulletin: Vulnerability in Ruby REXML (CVE-2024-39908) may affect IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential denial of service vulnerability CVE-2024-39908 has been identified related to Ruby REXML that may affect IBM watsonx Assistant for IBM Cloud Pak for Data. This vulnerability has been addressed. Refer to details for additional information. Vulnerability Details...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Ruby REXML denial of service vulnerability [CVE-2024-35176]
Summary A potential Ruby REXML denial of service vulnerability CVE-2024-35176 has been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-35176...
Security Bulletin: Vulnerability in Ruby REXML (CVE-2024-39908) affects IBM Watson CP4D Data Stores
Summary A potential denial of service vulnerability CVE-2024-39908 has been identified related to Ruby REXML that may affect IBM Watson CP4D Data Stores. This vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-45288 DESCRIPTION: A...
Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to The Bouncy Castle Crypto Package For Java denial of service vulnerability (CVE-2024-29857)
Summary A potential denial of service vulnerability CVE-2024-29857 has been identified related to The Bouncy Castle Crypto Package For Java that may affect IBM Watson CP4D Data Stores. This vulnerability has been addressed. Refer to details for additional information. Vulnerability Details...
Security Bulletin: Vulnerability in Golang Go (CVE-2024-24784) affects IBM Watson CP4D Data Stores
Summary A potential denial of service vulnerability CVE-2024-24784 has been identified related to Golang Go that may affect IBM Watson CP4D Data Stores. This vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-24784 DESCRIPTION:...
Security Bulletin: CVE-2023-45288 - HTTP/2 CONTINUATION flood vulnerability affects IBM Watson CP4D Data Stores
Summary A potential vulnerability CVE-2023-45288 - HTTP/2 CONTINUATION flood has been identified that may affect IBM Watson CP4D Data Stores. This vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-45288 DESCRIPTION: An attacker ma...