13 matches found
Ubuntu 22.04 LTS / 24.04 LTS / 25.04 : PHP vulnerabilities (USN-7648-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7648-1 advisory. It was discovered that PHP incorrectly handled certain hostnames containing null characters. A remote attacker could possibly use thi...
USN-7648-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled certain hostnames containing null characters. A remote attacker could possibly use this issue to bypass certain hostname validation checks. CVE-2025-1220 It was discovered that PHP incorrectly handled the pgsql and pdopgsql escaping functions. A remo...
TencentOS Server 3: ruby:3.3 (TSSA-2024:0775)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0775 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Tenable Nessus < 10.8.4 Multiple Vulnerabilities (TNS-2025-05)
According to its self-reported version, the Tenable Nessus application running on the remote host is prior to 10.8.4. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2025-05 advisory. - libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference ...
EulerOS 2.0 SP11 : ruby (EulerOS-SA-2024-2972)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pul...
USN-7091-2: Ruby vulnerabilities
USN-7091-1 fixed several vulnerabilities in Ruby. This update provides the corresponding update for CVE-2024-35176, CVE-2024-41123, CVE-2024-41946 and CVE-2024-49761 for ruby2.7 in Ubuntu 20.04 LTS. Original advisory details: It was discovered that Ruby incorrectly handled parsing of an XML...
EulerOS 2.0 SP10 : ruby (EulerOS-SA-2024-2914)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : REXML is an XML toolkit for Ruby.The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull...
Ubuntu 22.04 LTS / 24.04 LTS / 24.10 : Ruby vulnerabilities (USN-7091-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7091-1 advisory. It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value usi...
PT-2024-6381
Name of the Vulnerable Software and Affected Versions REXML gem versions prior to 3.3.3 Description The REXML gem has some DoS vulnerabilities when it parses an XML that has many specific characters, such as whitespace characters, and , or . This vulnerability is related to uncontrolled resource...
SUSE-SU-2022:0179-1 Security update for expat
This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior bsc1194251. - CVE-2021-46143: Fixed integer overflow in mgroupSize in doProlog bsc1194362. - CVE-2022-22822: Fixed integer overflow in...
SUSE-SU-2022:14878-1 Security update for expat
This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior bsc1194251. - CVE-2021-46143: Fixed integer overflow in mgroupSize in doProlog bsc1194362. - CVE-2022-22822: Fixed integer overflow in...
PT-2018-30: XXE Injection in Cisco Secure ACS
The specialists of the Positive Research center have detected an XXE Injection vulnerability in Cisco Secure ACS. A vulnerability in the web-based user interface of the Cisco Secure Access Control Server, due to improper handling of XML External Entities XXEs when parsing an XML file, could allow...
MGASA-2016-0263 Updated libxml2 packages fix security vulnerability
A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code with the...