
CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. ... Reading an XML file that contains many entity expansions may lead to a denial of service due to resource starvation.
• https://github.com/ruby/rexml/commit/033d1909a8f259d5a7c53681bcaf14f13bcf0368
• https://github.com/ruby/rexml/security/advisories/GHSA-5866-49gr-22v4
• https://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml
• https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946
• https://access.redhat.com/security/cve/CVE-2024-41946
• https://bugzilla.redhat.com/show_bug.cgi?
• CWE-400: Uncontrolled Resource Consumption

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace characters, `>]` and `]>`. ... When parsing an untrusted XML with many specific characters, the REXML gem may take a long time, leading to a denial of service condition.
• https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8
• https://github.com/ruby/rexml/security/advisories/GHSA-r55c-59qm-vjw6
• https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh
• https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123
• https://access.redhat.com/security/cve/CVE-2024-41123
• https://bugzilla.redhat.com/show_bug.cgi?
• CWE-400: Uncontrolled Resource Consumption

CVSS: 4.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Dell iDRAC Service Module versions 5.3.0.0 and prior contain an out-of-bounds read vulnerability. A privileged local attacker could execute arbitrary code, potentially resulting in a denial of service event.
• https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities
• CWE-125: Out-of-bounds Read

CVSS: 5.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Dell iDRAC Service Module versions 5.3.0.0 and prior contain an out-of-bounds write vulnerability. A privileged local attacker could execute arbitrary code, potentially resulting in a denial of service event.
• https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities
• CWE-787: Out-of-bounds Write

CVSS: 3.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

Dell iDRAC Service Module versions 5.3.0.0 and prior contain an out-of-bounds write vulnerability. A privileged local attacker could execute arbitrary code, potentially resulting in a denial of service (partial) event.
• https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities
• CWE-787: Out-of-bounds Write