REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML gem 3.3.9 or later include the patch to fix the vulnerability.

CVE Database V5

Detailed information about CVE-2024-49761: CWE-1333: Inefficient Regular Expression Complexity in ruby rexml affecting ruby rexml. Get real-time updates, techni

CVE-2024-49761: CWE-1333: Inefficient Regular Expression Complexity in ruby rexml - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2024-49761: CWE-1333: Inefficient Regular Expression Complexity in ruby rexml

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2.

Detailed information about CVE-2024-48910: CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in cure53 DOMPuri

CVE-2024-48910: CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in cure53 DOMPurify - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2024-48910: CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in cure53 DOMPurify

Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10.

Detailed information about CVE-2024-45802: CWE-20: Improper Input Validation in squid-cache squid affecting squid-cache squid. Get real-time updates, technical 

CVE-2024-45802: CWE-20: Improper Input Validation in squid-cache squid - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2024-45802: CWE-20: Improper Input Validation in squid-cache squid

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a null eContent field. Fort dereferences the pointer without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing.

Detailed information about CVE-2024-45239: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2024-45239: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2024-45239: n/a

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing a bit string that doesn't properly decode into a Subject Public Key. OpenSSL does not report this problem during parsing, and when compiled with OpenSSL libcrypto versions below 3, Fort recklessly dereferences the pointer. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing.

Detailed information about CVE-2024-45238: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2024-45238: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2024-45238: n/a

FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c.

Detailed information about CVE-2024-35368: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2024-35368: n/a

CVE-2024-35368: n/a

Description

Technical Details

Community Reviews

Related Threats

CVE-2024-49761: CWE-1333: Inefficient Regular Expression Complexity in ruby rexml

CVE-2024-48910: CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in cure53 DOMPurify

CVE-2024-45802: CWE-20: Improper Input Validation in squid-cache squid

CVE-2024-45239: n/a

CVE-2024-45238: n/a

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility