14 matches found
Astra Linux - уязвимость в ruby2.5
In the date gem for Ruby, from version 3.2.0 onwards, Date.parse can cause ReDoS Regular Expression Denial of Service attacks due to the use of a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1...
Rocky Linux 8 : ruby:2.5 (RLSA-2022:5779)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5779 advisory. - Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS regular expression Denial of Service via a long string. The fixed versions are 3.2.1,...
SUSE CVE-2020-12425
Due to confusion processing a hyphen character in Date.parse, a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox 78...
SUSE CVE-2021-41817
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS regular expression Denial of Service via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1...
DEBIAN-CVE-2021-41817
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS regular expression Denial of Service via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1...
AZL-7110 CVE-2021-41817 affecting package ruby for versions less than 3.1.2-2
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS regular expression Denial of Service via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1...
Regular Expression Denial Of Service (ReDoS)
date is vulnerable to regular expression denial of service ReDoS attacks. An attacker is able to insert a specifically crafted input through the dateparse method via the str parameter resulting in denial of service conditions...
Regular Expression Denial of Service (ReDoS)
Overview date is a subclass of Object includes Comparable module for handling dates. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS. Date’s parsing methods including Date.parse are using regular expressions internally, some of which are vulnerable...
Mozilla: Out of bound read in Date.parse()
Due to confusion processing a hyphen character in Date.parse, a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox 78...
Mozilla: Out of bound read in Date.parse()
Due to confusion processing a hyphen character in Date.parse, a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox 78...
Mozilla: Out of bound read in Date.parse()
Due to confusion processing a hyphen character in Date.parse, a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox 78...
CVE-2020-12425
Due to confusion processing a hyphen character in Date.parse, a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox 78...
Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2020-44565)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A buffer overflow vulnerability exists in Date.parse in versions prior to Mozilla Firefox 78. An attacker can exploit this vulnerability to obtain sensitive information...
UBUNTU-CVE-2020-12425
Due to confusion processing a hyphen character in Date.parse, a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox 78...