36 matches found
Amazon Linux: Security Advisory (ALAS-2013-173)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ruby: REXML incomplete fix for CVE-2014-8080
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service CPU and memory consumption a crafted XML document containing an empty string in an entity that is used in a large number of...
CVE-2014-8090
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service CPU and memory consumption a crafted XML document containing an empty string in an entity that is used in a large number of...
Design/Logic Flaw
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service CPU and memory consumption a crafted XML document containing an empty string in an entity that is used in a large number of...
openSUSE Security Update : ruby (openSUSE-SU-2013:0603-1)
Ruby 1.8 was updated to fix a XML entity expansion denial of service attack CVE-2013-1821 Ruby 1.9 was updated to 1.9.3 p392, fixing the same security issues and also : - update json intree to 1.5.5: Denial of Service and Unsafe Object Creation Vulnerability in JSON CVE-2013-0269 - limit entity...
SuSE 11.3 Security Update : Ruby (SAT Patch Number 9136)
This Ruby update fixes the following security issue : - Fixed entity expansion DoS vulnerability in REXML. CVE-2013-1821. bnc808137 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text...
[SECURITY] [DSA 2809-1] ruby1.8 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2809-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 04, 2013 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2809-1] ruby1.8 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2809-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 04, 2013 http://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-2809-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux AMI : ruby19 (ALAS-2013-195)
lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service memory consumption and crash via crafted text nodes in an XML document, aka an XML Entity Expansion XEE attack. C Tenable Network Security, Inc. The descriptive text and package...
Amazon Linux AMI : ruby (ALAS-2013-173)
It was discovered that Ruby's REXML library did not properly restrict XML entity expansion. An attacker could use this flaw to cause a denial of service by tricking a Ruby application using REXML to read text nodes from specially crafted XML content, which will result in REXML consuming large...
Important: Red Hat Security Advisory: Red Hat JBoss Fuse 6.0.0 patch 2
Red Hat JBoss Fuse 6.0.0 patch 2, which fixes several security issues and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give...
Debian DSA-2738-1 : ruby1.9.1 - several vulnerabilities
Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2013-1821 Ben Murphy discovered that unrestricted enti...
[SECURITY] [DSA 2738-1] ruby1.9.1 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2738-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst August 18, 2013 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2738-1 (ruby1.9.1 - several vulnerabilities)
Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-1821 Ben Murphy discovered that unrestricted entity...
DSA-2738-1 ruby1.9.1 - several
Bulletin has no description...
Debian: Security Advisory (DSA-2738-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Medium: ruby19
Issue Overview: lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service memory consumption and crash via crafted text nodes in an XML document, aka an XML Entity Expansion XEE attack. Affected Packages: ruby19 Issue Correction: Run yum...
Mandriva Linux Security Advisory : ruby (MDVSA-2013:124)
Updated ruby packages fix security vulnerabilities : Shugo Maedo and Vit Ondruch discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions CVE-2012-4466, CVE-2012-4481. It was...
CVE-2013-1821
lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service memory consumption and crash via crafted text nodes in an XML document, aka an XML Entity Expansion XEE attack...