Lucene search
K

4 matches found

CVE
CVE
added 2014/11/03 4:0 p.m.138 views

CVE-2014-8080

CVE-2014-8080 affects the REXML XML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4, where specially crafted XML can cause a denial of service via XML Entity Expansion (XEE). Affected Ruby versions are vulnerable to memory (and CPU) exhaustion. Remediation ...

5CVSS5.5AI score0.05538EPSS
CVE
CVE
added 2014/11/15 8:0 p.m.124 views

CVE-2014-4975

CVE-2014-4975 is an off-by-one stack-based buffer overflow in the encodes() function (pack.c) of Ruby 1.9.3 and earlier, and 2.x through 2.1.2, triggered by certain format string specifiers. This can cause a denial of service via segmentation fault. Connected advisories note this Ruby pack() issu...

5CVSS5.4AI score0.03893EPSS
CVE
CVE
added 2014/11/21 3:0 p.m.116 views

CVE-2014-8090

The CVE-2014-8090 issue is a vulnerability in Ruby’s REXML XML parser that can be exploited via crafted XML documents containing an empty string in repeated nested entities, causing CPU and memory exhaustion (XEE). Affected are Ruby 1.9.x before 1.9.3 patchlevel 551, Ruby 2.0.x before 2.0.0 patch...

5CVSS5.8AI score0.056EPSS
CVE
CVE
added 2014/04/24 11:0 p.m.61 views

CVE-2014-2734

The CVE-2014-2734 entry concerns the Ruby OpenSSL extension in Ruby 2.x, where the process memory state may not be correctly maintained after reopening a file, enabling remote attackers to spoof signatures during signature verification after specific filesystem operations. SUSE/PT-2019-4673 and P...

5.8CVSS6.9AI score0.05349EPSS