16 matches found
CLSA-2026-1777366733 python3: Fix of CVE-2026-1299
CVE-2026-1299: reject newline injection in email module's BytesGenerator when serializing headers - Skip test.testxmletree.XMLPullParserTest.testsimplexml during RPM build; unrelated expat-2.1.0-15.0.7.tuxcare.els1 regression breaks XMLPullParser chunked-feed semantics in TuxCare ELS el7 build...
CLSA-2026-1777308690 python3: Fix of CVE-2026-1299
CVE-2026-1299: reject newline injection in email module's BytesGenerator when serializing headers - Skip test.testxmletree.XMLPullParserTest.testsimplexml during RPM build; unrelated expat-2.1.0-15.0.7.tuxcare.els1 regression breaks XMLPullParser chunked-feed semantics in TuxCare ELS el7 build...
EUVD-2024-2501
Malicious code in bioql PyPI...
ROS-20240918-12
A vulnerability in the Ruby REXML XML toolkit is related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service The XML Toolkit for Ruby REXML vulnerability is related to the presence of a DoS vulnerability in X...
SUSE CVE-2024-41946
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability...
REXML DoS vulnerability
Impact The REXML gem before 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. If you need to parse untrusted XMLs with SAX2 or pull parser API, you may be impacted to this vulnerability. Patches The REXML gem 3.3.3 or later include t...
GHSA-5866-49GR-22V4 REXML DoS vulnerability
Impact The REXML gem before 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. If you need to parse untrusted XMLs with SAX2 or pull parser API, you may be impacted to this vulnerability. Patches The REXML gem 3.3.3 or later include t...
Uncontrolled Resource Consumption ('Resource Exhaustion')
Overview rexml is an An XML toolkit for Ruby. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption 'Resource Exhaustion' via the SAX2 or pull parser API. An attacker can cause the application to consume excessive resources leading to a denial of service by...
CVE-2024-41946 REXML DoS vulnerability
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability...
CVE-2024-41946 REXML DoS vulnerability
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability...
CVE-2024-41946
CVE-2024-41946 is a Denial of Service (DoS) vulnerability in the Ruby REXML XML toolkit. It affects the REXML gem when parsing XML that contains many entity expansions using SAX2 or the pull parser API. The issue is fixed in REXML gem version 3.3.3 and later; older releases (notably 3.3.2) are vu...
CVE-2024-41946
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability...
CVE-2024-41946 REXML DoS vulnerability
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability...
DoS vulnerabilities in REXML
There is a DoS vulnerability in REXML gem. This vulnerability has been assigned the CVE identifier CVE-2024-41946. We strongly recommend upgrading the REXML gem. Details When parsing an XML that has many entity expansions with SAX2 or pull parser API, REXML gem may take long time. Please update...
Fedora: Security Advisory for rust-pulldown-cmark (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 34 Update: rust-pulldown-cmark-0.8.0-4.fc34
Pull parser for CommonMark...