Lucene search
K

13 matches found

Tenable Nessus
Tenable Nessus
added 2025/07/18 12:0 a.m.10 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.04 : PHP vulnerabilities (USN-7648-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7648-1 advisory. It was discovered that PHP incorrectly handled certain hostnames containing null characters. A remote attacker could possibly use thi...

7.5CVSS6.8AI score0.00953EPSS
Exploits2References4
Ubuntu
Ubuntu
added 2025/07/17 3:25 p.m.14 views

USN-7648-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled certain hostnames containing null characters. A remote attacker could possibly use this issue to bypass certain hostname validation checks. CVE-2025-1220 It was discovered that PHP incorrectly handled the pgsql and pdopgsql escaping functions. A remo...

7.5CVSS6.8AI score0.00953EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.9 views

TencentOS Server 3: ruby:3.3 (TSSA-2024:0775)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0775 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

7.5CVSS7.2AI score0.01493EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/04/25 12:0 a.m.58 views

Tenable Nessus < 10.8.4 Multiple Vulnerabilities (TNS-2025-05)

According to its self-reported version, the Tenable Nessus application running on the remote host is prior to 10.8.4. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2025-05 advisory. - libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference ...

9.8CVSS7.5AI score0.01569EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2024/12/12 12:0 a.m.30 views

EulerOS 2.0 SP11 : ruby (EulerOS-SA-2024-2972)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pul...

7.5CVSS7.2AI score0.01493EPSS
Exploits0References5
Ubuntu
Ubuntu
added 2024/11/21 3:39 a.m.20 views

USN-7091-2: Ruby vulnerabilities

USN-7091-1 fixed several vulnerabilities in Ruby. This update provides the corresponding update for CVE-2024-35176, CVE-2024-41123, CVE-2024-41946 and CVE-2024-49761 for ruby2.7 in Ubuntu 20.04 LTS. Original advisory details: It was discovered that Ruby incorrectly handled parsing of an XML...

8.7CVSS7.2AI score0.02064EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2024/11/08 12:0 a.m.20 views

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2024-2914)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : REXML is an XML toolkit for Ruby.The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull...

7.5CVSS7.1AI score0.02064EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2024/11/05 12:0 a.m.15 views

Ubuntu 22.04 LTS / 24.04 LTS / 24.10 : Ruby vulnerabilities (USN-7091-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7091-1 advisory. It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value usi...

8.7CVSS7.1AI score0.02064EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/05/16 12:0 a.m.5 views

PT-2024-6381

Name of the Vulnerable Software and Affected Versions REXML gem versions prior to 3.3.3 Description The REXML gem has some DoS vulnerabilities when it parses an XML that has many specific characters, such as whitespace characters, and , or . This vulnerability is related to uncontrolled resource...

8.7CVSS7.3AI score0.02064EPSS
Exploits1References174
OSV
OSV
added 2022/01/25 1:18 p.m.12 views

SUSE-SU-2022:0179-1 Security update for expat

This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior bsc1194251. - CVE-2021-46143: Fixed integer overflow in mgroupSize in doProlog bsc1194362. - CVE-2022-22822: Fixed integer overflow in...

9.8CVSS9.1AI score0.04829EPSS
Exploits2References17
OSV
OSV
added 2022/01/25 12:57 p.m.11 views

SUSE-SU-2022:14878-1 Security update for expat

This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior bsc1194251. - CVE-2021-46143: Fixed integer overflow in mgroupSize in doProlog bsc1194362. - CVE-2022-22822: Fixed integer overflow in...

9.8CVSS9.1AI score0.04829EPSS
Exploits2References17
Positive Technologies
Positive Technologies
added 2017/06/01 12:0 a.m.14 views

PT-2018-30: XXE Injection in Cisco Secure ACS

The specialists of the Positive Research center have detected an XXE Injection vulnerability in Cisco Secure ACS. A vulnerability in the web-based user interface of the Cisco Secure Access Control Server, due to improper handling of XML External Entities XXEs when parsing an XML file, could allow...

5.3CVSS4.6AI score0.01526EPSS
Exploits0References3
OSV
OSV
added 2016/07/26 9:59 p.m.10 views

MGASA-2016-0263 Updated libxml2 packages fix security vulnerability

A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code with the...

10CVSS7.7AI score0.1398EPSS
Exploits11References5
Rows per page
Query Builder