Download
| Alert*
oval:org.secpod.oval:def:1500813
Updated ruby packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for each vulne ... oval:org.secpod.oval:def:1600182 The upstream patch for CVE-2014-8080 introduced checks against the REXML.entity_expansion_text_limit, but did not add restrictions to limit the number of expansions performed, i.e. checks against the REXML::Document.entity_expansion_limit. As a consequence, even with the patch applied, a small XML d ... oval:org.secpod.oval:def:52344 ruby2.0: Object-oriented scripting language - ruby2.1: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby1.8: Object-oriented scripting language Ruby could be made to consume resources. oval:org.secpod.oval:def:501466 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML d ... oval:org.secpod.oval:def:203500 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML d ... oval:org.secpod.oval:def:501469 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML d ... oval:org.secpod.oval:def:702293 ruby2.0: Object-oriented scripting language - ruby2.1: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby1.8: Object-oriented scripting language Ruby could be made to consume resources. oval:org.secpod.oval:def:601950 Multiple vulnerabilities were discovered in the interpreter for the Ruby language: CVE-2014-4975 The encodes function in pack.c had an off-by-one error that could lead to a stack-based buffer overflow. This could allow remote attackers to cause a denial of service or arbitrary code execution. CVE-2 ... oval:org.secpod.oval:def:1600096 The upstream patch for CVE-2014-8080 introduced checks against the REXML.entity_expansion_text_limit, but did not add restrictions to limit the number of expansions performed, i.e. checks against the REXML::Document.entity_expansion_limit. As a consequence, even with the patch applied, a small XML d ... oval:org.secpod.oval:def:601956 It was discovered that the REXML parser, part of the interpreter for the Ruby language, could be coerced into allocating large string objects that could consume all available memory on the system. This could allow remote attackers to cause a denial of service . oval:org.secpod.oval:def:1600113 The upstream patch for CVE-2014-8080 introduced checks against the REXML.entity_expansion_text_limit, but did not add restrictions to limit the number of expansions performed, i.e. checks against the REXML::Document.entity_expansion_limit. As a consequence, even with the patch applied, a small XML d ... oval:org.secpod.oval:def:1501360 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:30961 The host is missing a security update according to Apple advisory, APPLE-SA-2015-09-30-3. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code, dis ... oval:org.secpod.oval:def:203499 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML d ... oval:org.secpod.oval:def:30946 The host is installed with Apple Mac OS X or Server 10.6.8 before 10.11 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a crafted XML document containing an empty string. Successful exploitation allow attackers to crash the serv ... oval:org.secpod.oval:def:1500811 Updated ruby packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for each vul ... |