12 matches found
Fedora: Security Advisory (FEDORA-2023-1bbea3700b)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 40 : rubygem-loofah (2023-1bbea3700b)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-1bbea3700b advisory. Automatic update for rubygem-loofah-2.22.0-1.fc40. Changelog Thu Nov 23 2023 Vt Ondruch - 2.22.0-1 - Update to Loofah 2.22.0. Resolves: rhbz2126896...
Debian: Security Advisory (DLA-3565-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3565-1] ruby-loofah security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3565-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler September 13, 2023 https://wiki.debian.org/LTS -...
Satellite 6.13 Release
An update is available for libdb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Rocky Enterprise Software Foundation Satellite is a systems management tool for...
Rocky Linux 8 : Satellite 6.13 Release (Important) (RLSA-2023:2097)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2097 advisory. - SnakeYaml's Constructor class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an...
Important: Red Hat Security Advisory: Satellite 6.13 Release
An update is now available for Red Hat Satellite 6.13. The release contains a new version of Satellite and important security fixes for various components. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring ...
SUSE SLES15 / openSUSE 15 Security Update : rubygem-loofah (SUSE-SU-2023:1657-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1657-1 advisory. - Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofa...
SUSE-SU-2023:1657-1 Security update for rubygem-loofah
This update for rubygem-loofah fixes the following issues: - CVE-2022-23514: Fixed inefficient regular expression leading to denial of service bsc1206415. - CVE-2022-23515: Fixed improper neutralization of data URIs leading to Cross Site Scripting bsc1206417. - CVE-2022-23516: Fixed uncontrolled...
CVE-2022-23515
Concerning CVE-2022-23515, Loofah (Ruby library for HTML/XML sanitization, built on Nokogiri) is vulnerable in versions >= 2.1.0 and
CVE-2022-23515 Improper neutralization of data URIs may allow XSS in Loofah
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah = 2.1.0, 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs. This issue is patched in version 2.19.1...
CVE-2022-23515
A Cross-site scripting vulnerability was found in rubygem loofah. While neutralizing certain data URIs, loofah is susceptible to Cross-site scripting attacks...