11 matches found
SUSE-SU-2026:1750-1 Security update for librsvg
This update for librsvg fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257922...
SUSE-SU-2026:21377-1 Security update for librsvg
This update for librsvg fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257922...
Important: amazon-efs-utils
Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...
Security update for virtiofsd
This update for virtiofsd fixes the following issue: CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257912. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...
SUSE-SU-2026:20575-1 Security update for wicked2nm
This update for wicked2nm fixes the following issues: - Update to version 1.4.1 - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257908...
SUSE-SU-2026:0514-1 Security update for cargo-auditable
This update for cargo-auditable fixes the following issues: Update to version 0.7.20. Security issues fixed: - CVE-2026-25727: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257906. Other updates and bugfixes: - Update to version 0.7.20: mention...
MiracleLinux 8 : ruby:2.6 (AXSA:2022-3073:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3073:01 advisory. rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source CVE-2020-36327 rubygem-rdoc: Command injection...
Medium: ruby
Issue Overview: A flaw was found in ruby, where the date object was found to be vulnerable to a regular expression denial of service ReDoS during the parsing of dates. This flaw allows an attacker to hang a ruby application by providing a specially crafted date string. The highest threat to this...
RLSA-2022:6450 Moderate: ruby:3.0 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.0.4. BZ2109431 Security Fixes: ruby: Regular expression denial of...
CVE-2020-12425
Due to confusion processing a hyphen character in Date.parse, a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox 78...
Vulnerability of PHP software, allowing a malicious actor to compromise the accessibility of protected information
The vulnerability exists in the scan function in ext/date/lib/parseisointervals.c in PHP, due to an incorrect limitation on the creation of DateInterval objects. Exploiting this vulnerability allows malicious actors, operating remotely, to trigger a service failure reading beyond the buffer in...