
28 matches found

Ubuntu
added 2026/03/19 5:20 a.m., 8 views

USN-8018-3: Python 2.7 vulnerabilities

USN-8018-1 fixed CVE-2025-12084, CVE-2025-15282, CVE-2026-0672, CVE-2026-0865 for python3. This update provides the corresponding updates for python2.7. Original advisory details: Denis Ledoux discovered that Python incorrectly parsed email message headers. An attacker could possibly use this iss...

CVSS 6.3, AI score 7.2, EPSS 0.00205
Exploits: 0

Tenable Nessus
added 2026/01/13 12:0 a.m., 5 views

MiracleLinux 8 : ruby:3.3 (AXSA:2025-11546:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11546:01 advisory. resolv: Denial of Service in resolv gem CVE-2025-24294 rexml: REXML denial of service CVE-2025-58767 When using the + operator to combine URIs,...

CVSS 7.5, AI score 7, EPSS 0.00268
Exploits: 0, References: 4

Tenable Nessus
added 2026/01/07 12:0 a.m., 5 views

AlmaLinux 8 : ruby:3.3 (ALSA-2025:23062)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:23062 advisory. resolv: Denial of Service in resolv gem CVE-2025-24294 rexml: REXML denial of service CVE-2025-58767 Tenable has extracted the preceding description bloc...

CVSS 7.5, AI score 7, EPSS 0.00268
Exploits: 0, References: 5

Tenable Nessus
added 2026/01/06 12:0 a.m., 2 views

AlmaLinux 10 : ruby (ALSA-2025:23141)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:23141 advisory. resolv: Denial of Service in resolv gem CVE-2025-24294 rexml: REXML denial of service CVE-2025-58767 Tenable has extracted the preceding description blo...

CVSS 7.5, AI score 7, EPSS 0.00268
Exploits: 0, References: 5

RedHat Linux
added 2025/12/10 5:51 p.m., 3 views

Moderate: Red Hat Security Advisory: ruby:3.3 security update

An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.5, AI score 6.7, EPSS 0.00268
Exploits: 0, References: 3

OpenVAS
added 2025/12/05 12:0 a.m., 5 views

Mageia: Security Advisory (MGASA-2025-0320)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 6.8, EPSS 0.00067
Exploits: 0, References: 4

Tenable Nessus
added 2025/11/09 12:0 a.m., 2 views

Fedora 43 : ruby (2025-28a9cec027)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-28a9cec027 advisory. - Upgrade to Ruby 3.4.7. - Fix URI Credential Leakage Bypass previous fixes. Resolves: CVE-2025-61594 - Fix REXML denial of service. Resolves:...

CVSS 7.5, AI score 7.1, EPSS 0.00084
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-0079

Malware in sbrugna...

CVSS 7.5, AI score 7.4, EPSS 0.00666
Exploits: 1, References: 8

RedhatCVE
added 2025/05/22 5:42 p.m., 5 views

CVE-2020-5227

Feedgen python feedgen before 0.9.0 is susceptible to XML Denial of Service attacks. The feedgen library allows supplying XML as content for some of the available fields. This XML will be parsed and integrated into the existing XML tree. During this process, feedgen is vulnerable to XML Denial of...

CVSS 7.5, AI score 6.6, EPSS 0.00666
Exploits: 1

OpenVAS
added 2023/06/14 12:0 a.m., 32 views

.NET Core Multiple Vulnerabilities - Windows

.NET Core is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:microsoft:asp.netcore";...

CVSS 7.8, AI score 8.4, EPSS 0.01788
Exploits: 0, References: 2

IBM Security Bulletins
added 2022/09/25 9:6 p.m., 32 views

Security Bulletin: IBM SPSS Modeler - XML (CVE-2013-2407)

Abstract If an attacker makes a victim open a specially crafted XML document, it could be possible to conduct denial of service attacks using IBM SPSS Modeler installed on the victim's system. Content VULNERABILITY DETAILS CVE ID: CVE-2013-2407 DESCRIPTION: If an attacker makes a victim open a...

CVSS 6.4, AI score 7.1, EPSS 0.05415
Exploits: 0, Affected Software: 1

NVD
added 2020/01/28 11:15 p.m., 6 views

CVE-2020-5227

Feedgen python feedgen before 0.9.0 is susceptible to XML Denial of Service attacks. The feedgen library allows supplying XML as content for some of the available fields. This XML will be parsed and integrated into the existing XML tree. During this process, feedgen is vulnerable to XML Denial of...

CVSS 7.5, AI score 5.8, EPSS 0.00666
Exploits: 1, References: 4

OSV
added 2020/01/28 11:15 p.m., 12 views

CVE-2020-5227

Feedgen python feedgen before 0.9.0 is susceptible to XML Denial of Service attacks. The feedgen library allows supplying XML as content for some of the available fields. This XML will be parsed and integrated into the existing XML tree. During this process, feedgen is vulnerable to XML Denial of...

CVSS 7.5, AI score 7.4
Exploits: 0, References: 4

Cvelist
added 2020/01/28 10:40 p.m., 11 views

CVE-2020-5227 Feedgen Vulnerable to XML Denial of Service Attacks

Feedgen python feedgen before 0.9.0 is susceptible to XML Denial of Service attacks. The feedgen library allows supplying XML as content for some of the available fields. This XML will be parsed and integrated into the existing XML tree. During this process, feedgen is vulnerable to XML Denial of...

CVSS 4.4, AI score 7.4, EPSS 0.00666
Exploits: 1, References: 4

OSV
added 2020/01/28 10:37 p.m., 24 views

GHSA-G8Q7-XV52-HF9F Feedgen Vulnerable to XML Denial of Service Attacks

Impact: The feedgen library allows supplying XML as content for some of the available fields. This XML will be parsed and integrated into the existing XML tree. During this process, feedgen is vulnerable to XML Denial of Service Attacks (e.g. XML Bomb). This becomes a concern in particular if feedge...

CVSS 5.9, AI score 7.3, EPSS 0.00666
Exploits: 1, References: 7

Kitploit
added 2015/05/26 9:38 p.m., 13 views

WS-Attacker - Modular Framework for Web Services Penetration Testing

XML-based SOAP Web Services are a widely used technology, which allows the users to execute remote operations and transport arbitrary data. It is currently adapted in Service Oriented Architectures, cloud interfaces, management of federated identities, eGovernment, or military services. The wide...

AI score 8.6
Exploits: 0

RedHat Linux
added 2014/11/06 5:1 p.m., 3 views

OpenJDK: XML parsing Denial of Service (JAXP, 8017298)

A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an...

CVSS 7.1, AI score 6.7, EPSS 0.08028
Exploits: 0, References: 5

Tenable Nessus
added 2014/05/06 12:0 a.m., 30 views

FreeBSD : qt4-xml -- XML Entity Expansion Denial of Service (89709e58-d497-11e3-a3d5-5453ed2e2b49)

Richard J. Moore reports : QXmlSimpleReader in Qt versions prior to 5.2 supports expansion of internal entities in XML documents without placing restrictions to ensure the document does not cause excessive memory usage. If an application using this API processes untrusted data then the applicatio...

CVSS 5, AI score 6.1, EPSS 0.05217
Exploits: 0, References: 3

Cvelist
added 2011/06/21 1:0 a.m., 23 views

CVE-2011-1754

jabberd14 1.6.1.1 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564...

AI score 7, EPSS 0.00887
Exploits: 0, References: 5

exploitpack
added 2010/03/06 12:0 a.m., 12 views

Google Chrome 4.0.249 - XML Denial of Service (PoC)

Google Chrome 4.0.249 - XML Denial of Service PoC Exploit Title: Google Chrome 4.0.249 XML PoC Date: 3/6/2009 Author: Blade Software Link: www.google.com Version: 4.0.249.89 Tested on: Attached CVE : Code : Stack Overflow caused by long malformed string inside XML Tags Tested on Windows 7 64bit...

AI score 0.3
Exploits: 0