732 matches found

Amazon
added 2014/11/05 12:0 a.m., 40 views

Medium: ruby20

Issue Overview: The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack. Affected Packages: ruby20 Issue Correction:...

5 CVSS, 6.8 AI score, 0.05493 EPSS
Exploits: 1
NVD
added 2014/11/03 4:55 p.m., 19 views

CVE-2014-8080

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack...

5 CVSS, 6.2 AI score, 0.05493 EPSS
Exploits: 1, References: 20
Prion
added 2014/11/03 4:55 p.m., 30 views

Design/Logic Flaw

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack...

5 CVSS, 6.5 AI score, 0.05493 EPSS
Exploits: 1, References: 20, Affected Software: 4
EUVD
added 2014/11/03 4:0 p.m., 2 views

EUVD-2014-7929

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack...

5 CVSS, 6.7 AI score, 0.05493 EPSS
Exploits: 1, References: 31
CVE
added 2014/11/03 4:0 p.m., 135 views

CVE-2014-8080

CVE-2014-8080 affects the REXML XML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4, where specially crafted XML can cause a denial of service via XML Entity Expansion (XEE). Affected Ruby versions are vulnerable to memory (and CPU) exhaustion. Remediation ...

5 CVSS, 5.5 AI score, 0.05493 EPSS
Exploits: 1, References: 20, Affected Software: 1
Cvelist
added 2014/11/03 4:0 p.m., 31 views

CVE-2014-8080

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack...

5.5 AI score, 0.05493 EPSS
Exploits: 1, References: 20
UbuntuCve
added 2014/10/29 12:0 a.m., 30 views

CVE-2014-8080

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack...

5 CVSS, 6.8 AI score, 0.05493 EPSS
Exploits: 1, References: 3
OSV
added 2014/10/29 12:0 a.m., 2 views

UBUNTU-CVE-2014-8080

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack...

5 CVSS, 6.7 AI score, 0.05493 EPSS
Exploits: 1, References: 4
RubySec
added 2014/10/27 12:0 a.m., 32 views

CVE-2014-8080 ruby: REXML billion laughs attack via parameter entity expansion

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack...

5 CVSS, 6.1 AI score, 0.05493 EPSS
Exploits: 1, References: 1, Affected Software: 1
seebug.org
added 2014/07/01 12:0 a.m., 10 views

Ruby <= 1.9 REXML Remote Denial Of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/30802/info Ruby is prone to a remote denial-of-service vulnerability in its REXML module. Successful exploits may allow remote attackers to cause denial-of-service conditions in applications that use the vulnerable module...

7.1 AI score
Exploits: 0
Tenable Nessus
added 2014/05/21 12:0 a.m., 33 views

SuSE 11.3 Security Update : Ruby (SAT Patch Number 9136)

This Ruby update fixes the following security issue: Fixed entity expansion DoS vulnerability in REXML. CVE-2013-1821. bnc808137. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text...

5 CVSS, 7.5 AI score, 0.06617 EPSS
Exploits: 0, References: 3
0day.today
added 2014/01/04 12:0 a.m., 42 views

IBM Forms Viewer Unicode Buffer Overflow

This Metasploit module exploits a stack-based buffer overflow in IBM Forms Viewer. The vulnerability is due to a dangerous usage of strcpy-like function, and occurs while parsing malformed XFDL files, with a long fontname value. This Metasploit module has been tested successfully on IBM Forms...

6.8 CVSS, 6.7 AI score, 0.34035 EPSS
Exploits: 5
Metasploit
added 2013/12/19 11:48 p.m., 25 views

HP SiteScope issueSiebelCmd Remote Code Execution

This module exploits a code execution flaw in HP SiteScope. The vulnerability exists in the APISiteScopeImpl web service, specifically in the issueSiebelCmd method, which allows the user to execute arbitrary commands without authentication. This module has been tested successfully on HP SiteScope...

7.5 CVSS, 8.1 AI score, 0.71003 EPSS
Exploits: 5
Tenable Nessus
added 2013/12/05 12:0 a.m., 46 views

Debian DSA-2809-1 : ruby1.8 - several vulnerabilities

Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2013-1821 Ben Murphy discovered that unrestricted entity expansion in REXML can lead to a Denial of Service by consumin...

6.8 CVSS, 7.7 AI score, 0.34968 EPSS
Exploits: 3, References: 12
Debian
added 2013/12/04 9:28 p.m., 38 views

[SECURITY] [DSA 2809-1] ruby1.8 security update

Debian Security Advisory DSA-2809-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 04, 2013 http://www.debian.org/security/faq -...

6.8 CVSS, 7.8 AI score, 0.34968 EPSS
Exploits: 3
OpenVAS
added 2013/12/04 12:0 a.m., 38 views

Debian Security Advisory DSA 2809-1 (ruby1.8 - several vulnerabilities)

Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-1821 Ben Murphy discovered that unrestricted entity expansion in REXML can lead to a Denial of Service by consuming a...

6.8 CVSS, 0.4 AI score, 0.34968 EPSS
Exploits: 3, References: 1
Tenable Nessus
added 2013/09/04 12:0 a.m., 29 views

Amazon Linux AMI : ruby (ALAS-2013-173)

It was discovered that Ruby's REXML library did not properly restrict XML entity expansion. An attacker could use this flaw to cause a denial of service by tricking a Ruby application using REXML to read text nodes from specially crafted XML content, which will result in REXML consuming large...

5 CVSS, 8.3 AI score, 0.06617 EPSS
Exploits: 2, References: 4
Tenable Nessus
added 2013/09/04 12:0 a.m., 39 views

Amazon Linux AMI : ruby19 (ALAS-2013-195)

lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack. (C) Tenable Network Security, Inc. The descriptive text and package...

5 CVSS, 8.1 AI score, 0.06617 EPSS
Exploits: 0, References: 2
RedHat Linux
added 2013/08/29 11:22 p.m., 4 views

ruby: entity expansion DoS vulnerability in REXML

lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack...

5 CVSS, 7.4 AI score, 0.06617 EPSS
Exploits: 0, References: 5
Tenable Nessus
added 2013/08/20 12:0 a.m., 35 views

Debian DSA-2738-1 : ruby1.9.1 - several vulnerabilities

Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2013-1821 Ben Murphy discovered that unrestricted enti...

6.8 CVSS, 7.9 AI score, 0.06617 EPSS
Exploits: 0, References: 8