Lucene search
K

36 matches found

OpenVAS
OpenVAS
added 2015/09/08 12:0 a.m.28 views

Amazon Linux: Security Advisory (ALAS-2013-173)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.9AI score0.06671EPSS
Exploits2References2
RedHat Linux
RedHat Linux
added 2014/11/26 4:52 p.m.4 views

ruby: REXML incomplete fix for CVE-2014-8080

The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service CPU and memory consumption a crafted XML document containing an empty string in an entity that is used in a large number of...

5CVSS6.8AI score0.056EPSS
Exploits2References5
NVD
NVD
added 2014/11/21 3:59 p.m.24 views

CVE-2014-8090

The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service CPU and memory consumption a crafted XML document containing an empty string in an entity that is used in a large number of...

5CVSS6.6AI score0.056EPSS
Exploits1References20
Prion
Prion
added 2014/11/21 3:59 p.m.24 views

Design/Logic Flaw

The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service CPU and memory consumption a crafted XML document containing an empty string in an entity that is used in a large number of...

5CVSS6.8AI score0.06671EPSS
Exploits2References20Affected Software1
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.33 views

openSUSE Security Update : ruby (openSUSE-SU-2013:0603-1)

Ruby 1.8 was updated to fix a XML entity expansion denial of service attack CVE-2013-1821 Ruby 1.9 was updated to 1.9.3 p392, fixing the same security issues and also : - update json intree to 1.5.5: Denial of Service and Unsafe Object Creation Vulnerability in JSON CVE-2013-0269 - limit entity...

7.5CVSS7.2AI score0.13911EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2014/05/21 12:0 a.m.33 views

SuSE 11.3 Security Update : Ruby (SAT Patch Number 9136)

This Ruby update fixes the following security issue : - Fixed entity expansion DoS vulnerability in REXML. CVE-2013-1821. bnc808137 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text...

5CVSS7.5AI score0.06671EPSS
Exploits0References3
Debian
Debian
added 2013/12/04 9:28 p.m.61 views

[SECURITY] [DSA 2809-1] ruby1.8 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2809-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 04, 2013 http://www.debian.org/security/faq -...

6.8CVSS2.4AI score0.34968EPSS
Exploits3
Debian
Debian
added 2013/12/04 9:28 p.m.46 views

[SECURITY] [DSA 2809-1] ruby1.8 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2809-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 04, 2013 http://www.debian.org/security/faq -...

6.8CVSS7.8AI score0.34968EPSS
Exploits3
OpenVAS
OpenVAS
added 2013/12/03 12:0 a.m.28 views

Debian: Security Advisory (DSA-2809-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS7.2AI score0.34968EPSS
Exploits3References3
Tenable Nessus
Tenable Nessus
added 2013/09/04 12:0 a.m.39 views

Amazon Linux AMI : ruby19 (ALAS-2013-195)

lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service memory consumption and crash via crafted text nodes in an XML document, aka an XML Entity Expansion XEE attack. C Tenable Network Security, Inc. The descriptive text and package...

5CVSS8.1AI score0.06671EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2013/09/04 12:0 a.m.29 views

Amazon Linux AMI : ruby (ALAS-2013-173)

It was discovered that Ruby's REXML library did not properly restrict XML entity expansion. An attacker could use this flaw to cause a denial of service by tricking a Ruby application using REXML to read text nodes from specially crafted XML content, which will result in REXML consuming large...

5CVSS8.3AI score0.06671EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2013/08/29 11:22 p.m.46 views

Important: Red Hat Security Advisory: Red Hat JBoss Fuse 6.0.0 patch 2

Red Hat JBoss Fuse 6.0.0 patch 2, which fixes several security issues and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give...

7.5CVSS6.8AI score0.32259EPSS
Exploits6References7
Tenable Nessus
Tenable Nessus
added 2013/08/20 12:0 a.m.35 views

Debian DSA-2738-1 : ruby1.9.1 - several vulnerabilities

Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2013-1821 Ben Murphy discovered that unrestricted enti...

6.8CVSS7.9AI score0.06671EPSS
Exploits0References8
Debian
Debian
added 2013/08/18 4:58 p.m.40 views

[SECURITY] [DSA 2738-1] ruby1.9.1 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2738-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst August 18, 2013 http://www.debian.org/security/faq -...

6.8CVSS6.5AI score0.06671EPSS
Exploits0
OpenVAS
OpenVAS
added 2013/08/18 12:0 a.m.34 views

Debian Security Advisory DSA 2738-1 (ruby1.9.1 - several vulnerabilities)

Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-1821 Ben Murphy discovered that unrestricted entity...

6.8CVSS0.1AI score0.06671EPSS
Exploits0References1
OSV
OSV
added 2013/08/18 12:0 a.m.32 views

DSA-2738-1 ruby1.9.1 - several

Bulletin has no description...

6.8CVSS6.3AI score0.06671EPSS
Exploits0
OpenVAS
OpenVAS
added 2013/08/17 12:0 a.m.34 views

Debian: Security Advisory (DSA-2738-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS9.6AI score0.06671EPSS
Exploits0References3
Amazon
Amazon
added 2013/05/24 12:0 a.m.46 views

Medium: ruby19

Issue Overview: lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service memory consumption and crash via crafted text nodes in an XML document, aka an XML Entity Expansion XEE attack. Affected Packages: ruby19 Issue Correction: Run yum...

5CVSS8.5AI score0.06671EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/04/20 12:0 a.m.32 views

Mandriva Linux Security Advisory : ruby (MDVSA-2013:124)

Updated ruby packages fix security vulnerabilities : Shugo Maedo and Vit Ondruch discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions CVE-2012-4466, CVE-2012-4481. It was...

5CVSS8AI score0.06671EPSS
Exploits1References3
NVD
NVD
added 2013/04/09 9:55 p.m.26 views

CVE-2013-1821

lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service memory consumption and crash via crafted text nodes in an XML document, aka an XML Entity Expansion XEE attack...

5CVSS7.9AI score0.06671EPSS
Exploits0References23
Rows per page
Query Builder