i-FTP Schedule Buffer Overflow

This module exploits a stack-based buffer overflow vulnerability in i-Ftp v2.20, caused by a long time value set for scheduled download. By persuading the victim to place a specially-crafted Schedule.xml file in the i-FTP folder, a remote attacker could execute arbitrary code on the system or cau...

CentOS 6 : ruby (CESA-2014:1911)

Updated ruby packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for eac...

ruby, rubygem, rubygems security update

CentOS Errata and Security Advisory CESA-2014:1912 Updated ruby packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which...

ruby security update

CentOS Errata and Security Advisory CESA-2014:1911 Updated ruby packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which gi...

Ruby 'REXML' Parser XEE Vulnerability (Nov 2014) - Windows

Ruby is prone to an XML entity expansion XEE vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ruby-lang:ruby";...

Oracle Linux 6 : ruby (ELSA-2014-1911)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1911 advisory. - Fix REXML billion laughs attack via parameter entity expansion CVE-2014-8080. Resolves: rhbz1163993 Tenable has extracted the preceding description...

Oracle Linux 7 : ruby (ELSA-2014-1912)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1912 advisory. - Fix REXML billion laughs attack via parameter entity expansion CVE-2014-8080. Resolves: rhbz1163998 - REXML incomplete fix for CVE-2014-8080...

Moderate: Red Hat Security Advisory: ruby security update

Updated ruby packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for...

ruby: REXML billion laughs attack via parameter entity expansion

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service memory consumption via a crafted XML document, aka an XML Entity Expansion XEE attack...

ruby: REXML billion laughs attack via parameter entity expansion

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service memory consumption via a crafted XML document, aka an XML Entity Expansion XEE attack...

ruby: REXML incomplete fix for CVE-2014-8080

The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service CPU and memory consumption a crafted XML document containing an empty string in an entity that is used in a large number of...

Moderate: Red Hat Security Advisory: ruby193-ruby security update

Updated ruby193-ruby packages that fix three security issues are now available for Red Hat Software Collections 1. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

ruby: REXML billion laughs attack via parameter entity expansion

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service memory consumption via a crafted XML document, aka an XML Entity Expansion XEE attack...

Moderate: Red Hat Security Advisory: ruby200-ruby security update

Updated ruby200-ruby packages that fix three security issues are now available for Red Hat Software Collections 1. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

ruby: REXML billion laughs attack via parameter entity expansion

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service memory consumption via a crafted XML document, aka an XML Entity Expansion XEE attack...

Moderate: Red Hat Security Advisory: ruby security update

Updated ruby packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for eac...

ruby security update

1.8.7.374-3 - Fix REXML billion laughs attack via parameter entity expansion CVE-2014-8080. Resolves: rhbz1163993 - REXML incomplete fix for CVE-2014-8080 CVE-2014-8090. Resolves: rhbz1163993...

CVE-2014-8090

The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service CPU and memory consumption a crafted XML document containing an empty string in an entity that is used in a large number of...

Design/Logic Flaw

The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service CPU and memory consumption a crafted XML document containing an empty string in an entity that is used in a large number of...

[SECURITY] [DLA 88-1] ruby1.8 security update

Package : ruby1.8 Version : 1.8.7.302-2squeeze3 CVE ID : CVE-2011-0188 CVE-2011-2686 CVE-2011-2705 CVE-2011-4815 CVE-2014-8080 CVE-2014-8090 This update fixes multiple local and remote denial of service and remote code execute problems: CVE-2011-0188 Properly allocate memory, to prevent arbitrary...