207 matches found

CVE
added 2011/12/30 1:0 a.m. | 124 views

CVE-2011-4838

CVE-2011-4838 affects JRuby prior to 1.6.5.1, where hash values can be triggered to collide predictably, enabling context-dependent attackers to cause a denial of service (CPU consumption) via crafted inputs in applications that use hash tables. The vulnerability is documented across multiple sou...

CVSS 5 | AI score 6.1 | EPSS 0.07274
Exploits 1 | References 10 | Affected Software 1
Debian CVE
added 2011/12/30 1:0 a.m. | 40 views

CVE-2011-4838

JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table...

CVSS 5 | AI score 6.2 | EPSS 0.07274
Exploits 1
FreeBSD
added 2011/12/28 12:0 a.m. | 37 views

Multiple implementations -- DoS via hash algorithm collision

oCERT reports: A variety of programming languages suffer from a denial-of-service (DoS) condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting predictable collisions in the underlying hashing algorithms. The issue finds particula...

CVSS 7.8 | AI score 8.6 | EPSS 0.07274
Exploits 3 | References 2
RubySec
added 2011/12/27 12:0 a.m. | 29 views

CVE-2011-4838 jruby: hash table collisions DoS (oCERT-2011-003)

JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table...

CVSS 5 | AI score 6.1 | EPSS 0.07274
Exploits 1 | References 1 | Affected Software 1
RedHat Linux
added 2011/11/16 11:49 p.m. | 2 views

jruby: XSS in the regular expression engine when processing invalid UTF-8 byte sequences

The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string...

CVSS 4.3 | AI score 5.7 | EPSS 0.00425
Exploits 1 | References 4
RubySec
added 2010/04/26 12:0 a.m. | 21 views

CVE-2010-1330 jruby: XSS in the regular expression engine when processing invalid UTF-8 byte sequences

The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string...

CVSS 4.3 | AI score 5.5 | EPSS 0.00425
Exploits 1 | References 1 | Affected Software 1
RubySec
added 2009/12/07 12:0 a.m. | 18 views

jruby-openssl Gem for JRuby fails to do proper certificate validation

A security problem involving peer certificate verification was found where failed verification silently did nothing, making affected applications vulnerable to attackers. Attackers could lead a client application to believe that a secure connection to a rogue SSL server is legitimate. Attackers...

CVSS 7.5 | AI score 3.9 | EPSS 0.00255
Exploits 0 | References 1 | Affected Software 1