48 matches found
MiracleLinux 9 : ruby:3.3 (AXSA:2024-8857:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8857:01 advisory. rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace...
CBL Mariner 2.0 Security Update: ruby / rubygem-rexml (CVE-2024-43398)
The version of ruby / rubygem-rexml installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43398 advisory. - REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it...
Azure Linux 3.0 Security Update: ruby (CVE-2024-43398)
The version of ruby installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43398 advisory. - REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML tha...
CVE-2024-43398 affecting package ruby for versions less than 3.1.7-1
CVE-2024-43398 affecting package ruby for versions less than 3.1.7-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-43398 affecting package rubygem-rexml for versions less than 3.2.9-1
CVE-2024-43398 affecting package rubygem-rexml for versions less than 3.2.9-1. A patched version of the package is available...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to Improper Restriction of Recursive Entity References due to rexml package ( CVE-2024-43398 )
Summary Potential vulnerabilities in rexml package CVE-2024-43398 has been identified that may affect IBM Cloud Pak for Data. Vulnerability Details CVEID:CVE-2024-43398 DESCRIPTION: REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has...
TencentOS Server 3: ruby:3.1 (TSSA-2025:0359)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0359 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CVE-2024-43398 affecting package rubygem-rexml for versions less than 3.3.9-1
CVE-2024-43398 affecting package rubygem-rexml for versions less than 3.3.9-1. An upgraded version of the package is available that resolves this issue...
Fedora: Security Advisory (FEDORA-2024-8a931e76d2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2024-cfcd6258fa)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Alibaba Cloud Linux 3 : 0183: pcs (ALINUX3-SA-2024:0183)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0183 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-41123: REXML is an XML toolkit fo...
Moderate: ruby:3.1 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters suc...
Linux Distros Unpatched Vulnerability : CVE-2024-43398
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name...
Internet Bug Bounty: CVE-2024-43398: DoS vulnerability in REXML
The CVE-2024-43398 vulnerability was a denial-of-service issue in the REXML library due to poor performance when parsing specially crafted XML. This vulnerability was addressed with a patch released by the Ruby team...
Ubuntu: Security Advisory (USN-7256-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2025-1046)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2025-0001)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2025-0001 Updated ruby packages fix security vulnerabilities
The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many . CVE-2024-39908 The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, and . CVE-2024-41123 The REXML gem...
CVE-2024-43398 affecting package ruby for versions less than 3.3.5-1
CVE-2024-43398 affecting package ruby for versions less than 3.3.5-1. An upgraded version of the package is available that resolves this issue...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2024-2972)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...