9244 matches found

IBM Security Bulletins
added 2025/03/03 4:46 p.m. · 14 views

Security Bulletin: IBM Event Endpoint Management is affected by multiple vulnerabilities.

Summary: IBM Event Endpoint Management is affected by multiple vulnerabilities. These are affecting the operator and frontend components. Vulnerability Details: CVEID: CVE-2024-21538. DESCRIPTION: Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service...

CVSS 8.7 · AI score 7.6 · EPSS 0.00953
Exploits: 2 · Affected Software: 1

CVE
added 2025/03/03 12:0 a.m. · 284 views

CVE-2025-27220

CVE-2025-27220 affects the CGI gem in Ruby, with a Regular Expression DoS in CGI::Util#escapeElement present in versions prior to 0.4.2. Documents indicate a DoS risk due to unbounded processing of input during cookie handling; no exploit details or affected environments are provided beyond this....

CVSS 7.5 · AI score 4.3 · EPSS 0.00246
Exploits: 0 · References: 3 · Affected Software: 1

Tenable Nessus
added 2025/03/03 12:0 a.m. · 13 views

Linux Distros Unpatched Vulnerability : CVE-2009-5155

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service...

CVSS 7.5 · AI score 6 · EPSS 0.01348
Exploits: 1 · References: 3

Cvelist
added 2025/03/03 12:0 a.m. · 12 views

CVE-2025-27220

In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method...

CVSS 4 · EPSS 0.00246
Exploits: 0 · References: 2

Vulnrichment
added 2025/03/03 12:0 a.m. · 10 views

CVE-2025-27220

In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method...

CVSS 4 · AI score 4.1 · EPSS 0.00246
Exploits: 0 · References: 2

RedhatCVE
added 2025/03/01 3:22 p.m. · 23 views

CVE-2024-54170

IBM EntireX 11.1 could allow a local user to cause a denial of service due to use of a regular expression with an inefficient complexity that consumes excessive CPU cycles...

CVSS 5.5 · AI score 6.4 · EPSS 0.00054
Exploits: 0 · References: 1

OSV
added 2025/02/27 3:15 p.m. · 3 views

CVE-2024-54170

IBM EntireX 11.1 could allow a local user to cause a denial of service due to use of a regular expression with an inefficient complexity that consumes excessive CPU cycles...

CVSS 5.5 · AI score 5.4 · EPSS 0.00054
Exploits: 0 · References: 1

Cvelist
added 2025/02/27 2:55 p.m. · 6 views

CVE-2024-54170 IBM EntireX denial of service

IBM EntireX 11.1 could allow a local user to cause a denial of service due to use of a regular expression with an inefficient complexity that consumes excessive CPU cycles...

CVSS 5.5 · EPSS 0.00054
Exploits: 0 · References: 1

CVE
added 2025/02/27 2:55 p.m. · 29 views

CVE-2024-54170

IBM EntireX 11.1 contains a local-privilege-denied-execution vulnerability where a crafted regular expression with inefficient complexity can exhaust CPU cycles, leading to DoS. The issue is tied to CWE-1333 (Inefficient Regular Expression Complexity) and is documented under CVE-2024-54170 with a...

CVSS 5.5 · AI score 5.4 · EPSS 0.00054
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2025/02/27 2:55 p.m. · 5 views

CVE-2024-54170 IBM EntireX denial of service

IBM EntireX 11.1 could allow a local user to cause a denial of service due to use of a regular expression with an inefficient complexity that consumes excessive CPU cycles...

CVSS 5.5 · AI score 5.4 · EPSS 0.00054
Exploits: 0 · References: 1

IBM Security Bulletins
added 2025/02/27 1:21 p.m. · 13 views

Security Bulletin: Vulnerability in Psf Requests affects watsonx.data

Summary: Psf Requests is vulnerable to bypass security restrictions, which could affect watsonx.data. Vulnerability Details: CVEID: CVE-2024-52798. DESCRIPTION: path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be...

CVSS 8.7 · AI score 9.4 · EPSS 0.00293
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2025/02/27 3:25 a.m. · 4 views

Security Bulletin: IBM Event Processing is vulnerable to Regular Expression Denial of Service (ReDoS) due to the cross-spawn package (CVE-2024-21538).

Summary: Operator of IBM Event Processing is vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of cross-spawn package. The cross-spawn npm package is a cross-platform solution for spawning child processes in Node.js. Vulnerability Details: CVEID: CVE-2024-21538. DESCRIPTION:...

CVSS 8.7 · AI score 7.4 · EPSS 0.00067
Exploits: 0 · Affected Software: 1

SUSE CVE
added 2025/02/27 2:56 a.m. · 2 views

SUSE CVE-2025-27220

In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method...

CVSS 5.3 · AI score 7 · EPSS 0.00246
Exploits: 0 · References: 8

Positive Technologies
added 2025/02/27 12:0 a.m. · 4 views

PT-2025-8950 · Ibm · Ibm Entirex

Name of the Vulnerable Software and Affected Versions: IBM EntireX version 11.1 Description: The issue allows a local user to cause a denial of service due to the use of a regular expression with inefficient complexity, which consumes excessive CPU cycles. Recommendations: For IBM EntireX version...

CVSS 5.5 · AI score 6.7 · EPSS 0.00054
Exploits: 0 · References: 4

SUSE Linux
added 2025/02/26 6:38 p.m. · 0 views

Security update for ruby2.5

This update for ruby2.5 fixes the following issues: CVE-2024-47220: Fixed a HTTP request smuggling attack in WEBrick (bsc#1230930). CVE-2024-49761: Fixed a ReDoS vulnerability in ruby rexml (bsc#1232440). Other fixes: [ruby/uri] Fix quadratic backtracking on invalid relative URI. [ruby/time] Make RFC2822 rege...

CVSS 8.3 · AI score 7.4 · EPSS 0.01645
Exploits: 0 · References: 8

Vulnrichment
added 2025/02/26 2:23 a.m. · 1 views

CVE-2022-49648 tracing/histograms: Fix memory leak problem

In the Linux kernel, the following vulnerability has been resolved: tracing/histograms: Fix memory leak problem This reverts commit 46bbe5c671e06f070428b9be142cc4ee5cedebac. As commit 46bbe5c671e0 "tracing: fix double free" said, the "double free" problem reported by clang static analyzer is: In...

AI score 6.2 · EPSS 0.00008
Exploits: 0 · References: 6

OpenVAS
added 2025/02/25 12:0 a.m. · 7 views

openSUSE Security Advisory (SUSE-SU-2024:0902-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.3 · AI score 6.9 · EPSS 0.02611
Exploits: 0 · References: 4

Veracode
added 2025/02/23 11:24 p.m. · 3 views

Regular Expression Denial Of Service

GitLab is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient input validation due to the processing logic for generating links in dependency files using vulnerable regular expressions, and attackers can exploit this by submitting specially crafted...

CVSS 6.5 · AI score 6.1 · EPSS 0.00059
Exploits: 0 · References: 1 · Affected Software: 1

RedhatCVE
added 2025/02/23 10:26 p.m. · 22 views

CVE-2025-27104

vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single expression is possible in the iterator target of a for loop. While the iterator expression cannot produce multiple writes, it can consume side effects produced in the loop body e.g. read a storage variable...

CVSS 7.5 · AI score 7.4 · EPSS 0.00324
Exploits: 1 · References: 5

CNNVD
added 2025/02/21 12:0 a.m. · 1 views

DOM Expressions security vulnerability

DOM Expressions is a fine-grained runtime for high-performance DOM rendering by Ryan Carniato Personal Developer. A security vulnerability exists in DOM Expressions that stems from mishandling of substitution patterns and could lead to a cross-site scripting attack...

CVSS 7.3 · AI score 5.8 · EPSS 0.00335
Exploits: 0 · References: 3