
18 matches found

Tenable Nessus
added 2025/11/13 12:0 a.m. | 2 views

Siemens SIMATIC S7-1500 Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2023-39615)

Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support...

CVSS 6.5 | AI score 6.7 | EPSS 0.00117
Exploits: 1 | References: 9

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-2501

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.2 | EPSS 0.00679
Exploits: 0 | References: 8

Tenable Nessus
added 2025/07/23 12:0 a.m. | 3 views

Ruby REXML < 3.3.6 DoS vulnerability

The version of the REXML Ruby library installed on the remote host is prior to 3.3.6. It is, therefore, affected by a DoS vulnerability. The vulnerability lies when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree...

CVSS 5.9 | AI score 6.6 | EPSS 0.01167
Exploits: 0 | References: 2

Debian
added 2025/01/18 8:6 a.m. | 12 views

[SECURITY] [DLA 4018-1] ruby2.7 security update

Debian LTS Advisory DLA-4018-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès January 17, 2025 https://wiki.debian.org/LTS ...

CVSS 8.7 | AI score 7.2 | EPSS 0.08428
Exploits: 1

Redos
added 2024/09/19 12:0 a.m. | 15 views

ROS-20240918-12

A vulnerability in the Ruby REXML XML toolkit is related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. The XML Toolkit for Ruby REXML vulnerability is related to the presence of a DoS vulnerability in X...

CVSS 7.5 | AI score 7 | EPSS 0.01167
Exploits: 0

Debian CVE
added 2024/08/22 2:14 p.m. | 12 views

CVE-2024-43398

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability...

CVSS 5.9 | AI score 6.2 | EPSS 0.01167
Exploits: 0

SUSE CVE
added 2024/08/06 2:0 a.m. | 1 view

SUSE CVE-2024-41946

REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability...

CVSS 5.3 | AI score 7.1 | EPSS 0.00679
Exploits: 0 | References: 10

GitHub Security Blog
added 2024/08/02 12:33 p.m. | 27 views

REXML DoS vulnerability

Impact: The REXML gem before 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. If you need to parse untrusted XMLs with SAX2 or pull parser API, you may be impacted to this vulnerability. Patches: The REXML gem 3.3.3 or later include t...

CVSS 7.5 | AI score 6.7 | EPSS 0.00679
Exploits: 0 | References: 9 | Affected Software: 1

OSV
added 2024/08/02 12:33 p.m. | 18 views

GHSA-5866-49GR-22V4 REXML DoS vulnerability

Impact: The REXML gem before 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. If you need to parse untrusted XMLs with SAX2 or pull parser API, you may be impacted to this vulnerability. Patches: The REXML gem 3.3.3 or later include t...

CVSS 7.5 | AI score 5.9 | EPSS 0.00679
Exploits: 0 | References: 9

Cvelist
added 2024/08/01 2:22 p.m. | 23 views

CVE-2024-41946 REXML DoS vulnerability

REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability...

CVSS 5.3 | EPSS 0.00679
Exploits: 0 | References: 4

OSV
added 2024/08/01 2:22 p.m. | 11 views

CVE-2024-41946 REXML DoS vulnerability

REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability...

CVSS 5.3 | AI score 6.4 | EPSS 0.00679
Exploits: 0 | References: 8

CVE
added 2024/08/01 2:22 p.m. | 341 views

CVE-2024-41946

CVE-2024-41946 is a Denial of Service (DoS) vulnerability in the Ruby REXML XML toolkit. It affects the REXML gem when parsing XML that contains many entity expansions using SAX2 or the pull parser API. The issue is fixed in REXML gem version 3.3.3 and later; older releases (notably 3.3.2) are vu...

CVSS 7.5 | AI score 5.4 | EPSS 0.00679
Exploits: 0 | References: 6 | Affected Software: 1

AlpineLinux
added 2024/08/01 2:22 p.m. | 19 views

CVE-2024-41946

REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability...

CVSS 7.5 | AI score 5.4 | EPSS 0.00679
Exploits: 0

Vulnrichment
added 2024/08/01 2:22 p.m. | 18 views

CVE-2024-41946 REXML DoS vulnerability

REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability...

CVSS 5.3 | AI score 6.9 | EPSS 0.00679
Exploits: 0 | References: 4

RubySec
added 2024/08/01 12:0 a.m. | 14 views

DoS vulnerabilities in REXML

There is a DoS vulnerability in REXML gem. This vulnerability has been assigned the CVE identifier CVE-2024-41946. We strongly recommend upgrading the REXML gem. Details: When parsing an XML that has many entity expansions with SAX2 or pull parser API, REXML gem may take long time. Please update...

CVSS 7.5 | AI score 5.4 | EPSS 0.00679
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2024/01/10 12:0 a.m. | 46 views

CentOS 8 : libxml2 (CESA-2024:0119)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2024:0119 advisory. - Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows...

CVSS 6.5 | AI score 6.6 | EPSS 0.00117
Exploits: 1 | References: 2

Tenable Nessus
added 2023/09/20 12:0 a.m. | 35 views

Amazon Linux 2023 : libxml2, libxml2-devel, libxml2-static (ALAS2023-2023-343)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-343 advisory. Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) v...

CVSS 6.5 | AI score 6.8 | EPSS 0.00117
Exploits: 1 | References: 4

Veracode
added 2018/08/01 7:29 a.m. | 22 views

Buffer Over-read

libxml2.so is vulnerable to buffer over-reads. A malicious user can pass an XML file to the xmlSAX2TextNode function in SAX2.c to cause a buffer over-read that can crash the application or reveal sensitive information in the memory...

CVSS 5.8 | AI score 9 | EPSS 0.00972
Exploits: 0 | References: 28 | Affected Software: 2