Lucene search
+L

13 matches found

OpenVAS
OpenVAS
added 2023/09/14 12:0 a.m.18 views

Debian: Security Advisory (DLA-3565-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7AI score0.01686EPSS
Exploits0References4
Debian
Debian
added 2023/09/13 3:9 p.m.27 views

[SECURITY] [DLA 3565-1] ruby-loofah security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3565-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler September 13, 2023 https://wiki.debian.org/LTS -...

7.5CVSS7.9AI score0.01686EPSS
Exploits0
Rockylinux
Rockylinux
added 2023/05/05 3:39 p.m.111 views

Satellite 6.13 Release

An update is available for libdb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Rocky Enterprise Software Foundation Satellite is a systems management tool for...

9.8CVSS8.2AI score0.99931EPSS
Exploits67
Tenable Nessus
Tenable Nessus
added 2023/05/05 12:0 a.m.48 views

Rocky Linux 8 : Satellite 6.13 Release (Important) (RLSA-2023:2097)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2097 advisory. - SnakeYaml's Constructor class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an...

9.8CVSS8.1AI score0.99931EPSS
Exploits68References288
RedHat Linux
RedHat Linux
added 2023/05/03 3:54 p.m.496 views

Important: Red Hat Security Advisory: Satellite 6.13 Release

An update is now available for Red Hat Satellite 6.13. The release contains a new version of Satellite and important security fixes for various components. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring ...

9.8CVSS7.6AI score0.99931EPSS
Exploits68References263
Tenable Nessus
Tenable Nessus
added 2023/03/30 12:0 a.m.38 views

SUSE SLES15 / openSUSE 15 Security Update : rubygem-loofah (SUSE-SU-2023:1657-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1657-1 advisory. - Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofa...

7.5CVSS6.5AI score0.01686EPSS
Exploits0References10
OSV
OSV
added 2023/03/29 7:38 a.m.9 views

SUSE-SU-2023:1657-1 Security update for rubygem-loofah

This update for rubygem-loofah fixes the following issues: - CVE-2022-23514: Fixed inefficient regular expression leading to denial of service bsc1206415. - CVE-2022-23515: Fixed improper neutralization of data URIs leading to Cross Site Scripting bsc1206417. - CVE-2022-23516: Fixed uncontrolled...

7.5CVSS6.5AI score0.01686EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2022/12/14 2:15 p.m.34 views

CVE-2022-23514

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a...

7.5CVSS6.7AI score0.01686EPSS
Exploits0References3
CVE
CVE
added 2022/12/14 1:19 p.m.201 views

CVE-2022-23514

CVE-2022-23514 affects Loofah, a Ruby HTML/XML sanitization library built on Nokogiri. The issue is an inefficient regular expression that can backtrack excessively while sanitizing certain SVG attributes, leading to a potential DoS via CPU resource exhaustion. It is patched in Loofah 2.19.1 . Th...

7.5CVSS7.2AI score0.01686EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2022/12/14 1:19 p.m.38 views

CVE-2022-23514 Inefficient Regular Expression Complexity in Loofah

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a...

7.5CVSS7.4AI score0.01686EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/12/14 1:19 p.m.9 views

CVE-2022-23514 Inefficient Regular Expression Complexity in Loofah

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a...

7.5CVSS7.2AI score0.01686EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2022/12/14 1:19 p.m.36 views

CVE-2022-23514

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a...

7.5CVSS6.2AI score0.01686EPSS
Exploits0
Hacker One
Hacker One
added 2022/12/14 10:10 a.m.54 views

Internet Bug Bounty: ReDoS (Rails::Html::PermitScrubber.scrub_attribute)

I reported at https://hackerone.com/reports/1684163 https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w Certain configurations of rails-html-sanitizer 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to...

5CVSS7.2AI score0.01686EPSS
Exploits0
Rows per page
Query Builder