
15 matches found

OpenVAS
added 2020/05/01 12:0 a.m., 45 views

Debian: Security Advisory (DLA-2192-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5, AI score 7.1, EPSS 0.17317
Exploits: 0, References: 3

OSV
added 2020/03/25 12:0 a.m., 16 views

DLA-2158-1 ruby2.1 - security update

Bulletin has no description...

CVSS 9.8, AI score 9.4, EPSS 0.13462
Exploits: 3

OSV
added 2019/11/25 12:0 a.m., 38 views

DLA-2007-1 ruby2.1 - security update

Bulletin has no description...

CVSS 8.1, AI score 6.8, EPSS 0.01157
Exploits: 1

OSV
added 2019/03/29 12:0 a.m., 31 views

DLA-1735-1 ruby2.1 - security update

Bulletin has no description...

CVSS 8.8, AI score 8.2, EPSS 0.06225
Exploits: 1

Veracode
added 2019/01/15 9:3 a.m., 28 views

XML Entity Expansion (XEE)

ruby is vulnerable to XML Entity Expansion (XEE) attacks. The vulnerability exists as the REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Enti...

CVSS 5, AI score 5.4, EPSS 0.15626
Exploits: 1, References: 22, Affected Software: 3

OpenVAS
added 2018/09/02 12:0 a.m., 23 views

Debian: Security Advisory (DLA-1480-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 9.8, AI score 9, EPSS 0.01057
Exploits: 2, References: 3

Tenable Nessus
added 2018/08/29 12:0 a.m., 32 views

Debian DLA-1480-1 : ruby2.1 security update

Several vulnerabilities were discovered in Ruby 2.1. CVE-2016-2337: Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as 'retval' argument can cause arbitrary code execution. CVE-2018-1000073: RubyGems contains a Directory Travers...

CVSS 9.8, AI score 7.8, EPSS 0.01057
Exploits: 2, References: 5

Debian
added 2018/08/27 8:25 p.m., 26 views

[SECURITY] [DLA 1480-1] ruby2.1 security update

Package : ruby2.1
Version : 2.1.5-2+deb8u5
CVE ID : CVE-2016-2337 CVE-2018-1000073 CVE-2018-1000074
Debian Bug : 895778 851161

Several vulnerabilities were discovered in Ruby 2.1.

CVE-2016-2337: Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of obje...

CVSS 9.8, AI score 7.1, EPSS 0.01057
Exploits: 2

OSV
added 2018/08/27 12:0 a.m., 25 views

DLA-1480-1 ruby2.1 - security update

Bulletin has no description...

CVSS 9.8, AI score 8.8, EPSS 0.01057
Exploits: 2

OSV
added 2018/07/13 12:0 a.m., 44 views

DLA-1421-1 ruby2.1 - security update

Bulletin has no description...

CVSS 9.8, AI score 7.7, EPSS 0.88646
Exploits: 18

UbuntuCve
added 2017/03/29 12:0 a.m., 32 views

CVE-2009-5147

DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names...

CVSS 7.5, AI score 6.8, EPSS 0.56223
Exploits: 0, References: 3

Kitploit
added 2015/04/27 9:7 p.m., 21 views

BackBox Linux 4.2 - Ubuntu-based Linux Distribution Penetration Test and Security Assessment

BackBox is a Linux distribution based on Ubuntu. It has been developed to perform penetration tests and security assessments. Designed to be fast, easy to use and provide a minimal yet complete desktop environment, thanks to its own software repositories, always being updated to the latest stable...

AI score 7.5
Exploits: 0

Tenable Nessus
added 2014/11/06 12:0 a.m., 28 views

Amazon Linux AMI : ruby20 (ALAS-2014-441)

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack. (C) Tenable Network Security, Inc. The descriptive text and...

CVSS 5, AI score 7.1, EPSS 0.15626
Exploits: 1, References: 2

Amazon
added 2014/11/05 12:0 a.m., 48 views

Medium: ruby21

Issue Overview: The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack. Affected Packages: ruby21 Issue Correction:...

CVSS 5, AI score 6.8, EPSS 0.15626
Exploits: 1

Cvelist
added 2013/11/23 7:0 p.m., 27 views

CVE-2013-4164

Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to...

AI score 5.8, EPSS 0.11958
Exploits: 3, References: 22