135 matches found
EUVD-2016-6173
Malware in sbrugna...
EUVD-2023-1827
Malicious code in bioql PyPI...
EUVD-2023-1038
Malicious code in bioql PyPI...
CLSA-2025-1755617966 ruby: Fix of CVE-2023-36617
CVE-2023-36617: fix mishandling invalid URLs that have specific characters in URI parser to prevent ReDoS issue...
CVE-2022-41606
HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or GCS URLs can be used to crash client agents. Fixed in 1.2.13, 1.3.6, and 1.4.0...
CVE-2022-1157
Missing sanitization of logged exception messages in all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 of GitLab CE/EE causes potential sensitive values in invalid URLs to be logged...
BIT-RUBY-MIN-2023-28756
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2...
Amazon Linux 2 : php (ALASPHP8.2-2024-005)
The version of php installed on the remote host is prior to 8.2.23-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2PHP8.2-2024-005 advisory. In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, due to a code logic error, filtering functions such as...
ROS-20240826-12
Vulnerability of Ruby programming language components rfc2396parser.rb and rfc3986parser.rb is related to incorrect implementation of processing invalid URLs. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service Vulnerability in the URI component of th...
ROS-20240826-09
The vulnerability in the Time library of the Ruby interpreter is related to the use of regular expression c inefficient computational complexity. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service Vulnerability in the URI component of the Ruby...
[SECURITY] [DLA 3833-1] php7.3 security update
Debian LTS Advisory DLA-3833-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany June 17, 2024 https://wiki.debian.org/LTS Package : php7.3 Version : 7.3.31-1deb10u7 CVE ID : CVE-2024-5458 Debian Bug : 1072885 PHP, a widely-used open source general purpose scripting...
rubygem-uri: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755
A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This issue may result in a regular expression denial of service ReDoS...
Rocky Linux 8 : ruby:3.1 (RLSA-2024:1431)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1431 advisory. - The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that...
ruby: ReDoS vulnerability in URI
A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This may result in a regular expression denial of service ReDoS...
BIT-RUBY-2023-28756
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2...
Cisco ASA and FTD Information Disclosure Vulnerability
Cisco Adaptive Security Appliance ASA and Firepower Threat Defense FTD contain an information disclosure vulnerability. An attacker could retrieve memory contents on an affected device, which could lead to the disclosure of confidential information due to a buffer tracking issue when the software...
ruby: ReDoS vulnerability in URI
A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This may result in a regular expression denial of service ReDoS...
ROS-20230929-01
Vulnerability in the URI component of the Ruby programming language, related to improper handling of invalid URLs containing certain characters. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service Vulnerability in the...
Improper Authorization
gitLab is vulnerable to Missing Sanitization. This vulnerability exits due to the lack of validation of request URLs, allowing an attacker to include sensitive values from logged exception messages within invalid URLs, which are then logged...
Improper Authentication
GitLab is vulnerable to Missing Sanitization. This vulnerability exits due to the lack of validation of request URLs, allowing an attacker to include sensitive values from logged exception messages within invalid URLs, which are then logged...