Lucene search
K

48 matches found

OSV
OSV
added 2015/02/09 12:0 a.m.39 views

DSA-3157-1 ruby1.9.1 - security update

Bulletin has no description...

5CVSS6.1AI score0.056EPSS
Exploits2
OpenVAS
OpenVAS
added 2015/02/08 12:0 a.m.23 views

Debian: Security Advisory (DSA-3157-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS9.7AI score0.056EPSS
Exploits2References3
RedHat Linux
RedHat Linux
added 2014/11/26 4:9 p.m.6 views

ruby: REXML billion laughs attack via parameter entity expansion

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service memory consumption via a crafted XML document, aka an XML Entity Expansion XEE attack...

5CVSS6.8AI score0.05538EPSS
Exploits1References5
NVD
NVD
added 2014/11/21 3:59 p.m.24 views

CVE-2014-8090

The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service CPU and memory consumption a crafted XML document containing an empty string in an entity that is used in a large number of...

5CVSS6.6AI score0.056EPSS
Exploits1References20
Prion
Prion
added 2014/11/21 3:59 p.m.24 views

Design/Logic Flaw

The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service CPU and memory consumption a crafted XML document containing an empty string in an entity that is used in a large number of...

5CVSS6.8AI score0.06671EPSS
Exploits2References20Affected Software1
Debian
Debian
added 2014/11/21 3:18 p.m.48 views

[SECURITY] [DLA 88-1] ruby1.8 security update

Package : ruby1.8 Version : 1.8.7.302-2squeeze3 CVE ID : CVE-2011-0188 CVE-2011-2686 CVE-2011-2705 CVE-2011-4815 CVE-2014-8080 CVE-2014-8090 This update fixes multiple local and remote denial of service and remote code execute problems: CVE-2011-0188 Properly allocate memory, to prevent arbitrary...

7.8CVSS7.3AI score0.056EPSS
Exploits5
EUVD
EUVD
added 2014/11/21 3:0 p.m.2 views

EUVD-2014-7937

The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service CPU and memory consumption a crafted XML document containing an empty string in an entity that is used in a large number of...

5CVSS6.7AI score0.06671EPSS
Exploits2References31
Mageia
Mageia
added 2014/11/21 12:44 p.m.60 views

Updated ruby packages fix security vulnerabilities

Will Wood discovered that Ruby incorrectly handled the encodes function. An attacker could possibly use this issue to cause Ruby to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a...

5CVSS7.9AI score0.056EPSS
Exploits1References5
OSV
OSV
added 2014/11/21 12:0 a.m.46 views

DLA-88-1 ruby1.8 - security update

Bulletin has no description...

7.8CVSS6.1AI score0.056EPSS
Exploits5
ArchLinux
ArchLinux
added 2014/11/17 12:0 a.m.43 views

ruby: denial of service

CPU exhaustion can occur as a result of recursive expansion with an empty string. When reading text nodes from an XML document, the REXML parser can be coerced into allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of service...

5CVSS3.3AI score0.056EPSS
Exploits1References2
Mageia
Mageia
added 2014/11/14 12:57 a.m.35 views

Updated ruby packages fix CVE-2014-8080

Updated ruby packages fix security vulnerability: Due to unrestricted entity expansion, when reading text nodes from an XML document, the REXML parser in Ruby can be coerced into allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of servic...

5CVSS5.9AI score0.05538EPSS
Exploits1References4
OSV
OSV
added 2014/11/14 12:57 a.m.4 views

MGASA-2014-0443 Updated ruby packages fix CVE-2014-8080

Updated ruby packages fix security vulnerability: Due to unrestricted entity expansion, when reading text nodes from an XML document, the REXML parser in Ruby can be coerced into allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of servic...

5CVSS6.2AI score0.05538EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2014/11/14 12:0 a.m.27 views

CVE-2014-8090

The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service CPU and memory consumption a crafted XML document containing an empty string in an entity that is used in a large number of...

5CVSS6.8AI score0.056EPSS
Exploits1References3
RubySec
RubySec
added 2014/11/13 12:0 a.m.40 views

CVE-2014-8090 ruby: REXML incomplete fix for CVE-2014-8080

The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service CPU and memory consumption a crafted XML document containing an empty string in an entity that is used in a large number of...

5CVSS5.8AI score0.056EPSS
Exploits2References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2014/11/06 12:0 a.m.44 views

Amazon Linux AMI : ruby21 (ALAS-2014-439)

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service memory consumption via a crafted XML document, aka an XML Entity Expansion XEE attack. C Tenable Network Security, Inc. The descriptive text and...

5CVSS7.1AI score0.05538EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2014/11/06 12:0 a.m.29 views

Amazon Linux AMI : ruby20 (ALAS-2014-441)

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service memory consumption via a crafted XML document, aka an XML Entity Expansion XEE attack. C Tenable Network Security, Inc. The descriptive text and...

5CVSS7.1AI score0.05538EPSS
Exploits1References2
Amazon
Amazon
added 2014/11/05 12:0 a.m.43 views

Medium: ruby20

Issue Overview: The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service memory consumption via a crafted XML document, aka an XML Entity Expansion XEE attack. Affected Packages: ruby20 Issue Correction:...

5CVSS6.8AI score0.05538EPSS
Exploits1
Amazon
Amazon
added 2014/11/05 12:0 a.m.49 views

Medium: ruby21

Issue Overview: The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service memory consumption via a crafted XML document, aka an XML Entity Expansion XEE attack. Affected Packages: ruby21 Issue Correction:...

5CVSS6.8AI score0.05538EPSS
Exploits1
NVD
NVD
added 2014/11/03 4:55 p.m.21 views

CVE-2014-8080

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service memory consumption via a crafted XML document, aka an XML Entity Expansion XEE attack...

5CVSS6.2AI score0.05538EPSS
Exploits1References20
Prion
Prion
added 2014/11/03 4:55 p.m.32 views

Design/Logic Flaw

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service memory consumption via a crafted XML document, aka an XML Entity Expansion XEE attack...

5CVSS6.5AI score0.05538EPSS
Exploits1References20Affected Software4
Rows per page
Query Builder