[Forgot Password]
Login  Register Subscribe

24003

 
 

131401

 
 

103942

 
 

909

 
 

84044

 
 

133

 
 
Paid content will be excluded from the download.

Filter
Matches : 83793 Download | Alert*

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service via a crafted XML document, aka an XML Entity Expansion attack.

The upstream patch for CVE-2014-8080 introduced checks against the REXML.entity_expansion_text_limit, but did not add restrictions to limit the number of expansions performed, i.e. checks against the REXML::Document.entity_expansion_limit. As a consequence, even with the patch applied, a small XML document could cause REXML to use an excessive amount of CPU time. High memory usage can be achieved ...

rubygem20 subpackages are installed

The upstream patch for CVE-2014-8080 introduced checks against the REXML.entity_expansion_text_limit, but did not add restrictions to limit the number of expansions performed, i.e. checks against the REXML::Document.entity_expansion_limit. As a consequence, even with the patch applied, a small XML document could cause REXML to use an excessive amount of CPU time. High memory usage can be achieved ...

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service via a crafted XML document, aka an XML Entity Expansion attack.

rubygem19 subpackages are installed

The upstream patch for CVE-2014-8080 introduced checks against the REXML.entity_expansion_text_limit, but did not add restrictions to limit the number of expansions performed, i.e. checks against the REXML::Document.entity_expansion_limit. As a consequence, even with the patch applied, a small XML document could cause REXML to use an excessive amount of CPU time. High memory usage can be achieved ...

lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service via crafted text nodes in an XML document, aka an XML Entity Expansion attack.

The host is installed with ruby on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a RFC 6125 violation vulnerability. A flaw is present in the application, which fails to properly verify host names against X.509 certificate names with wildcards. Successful exploitation could cause Ruby TLS/SSL clients to accept certain certificates as valid against RFC 6125 recommendations.

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in the way large amounts of memory were allocated on 64-bit systems when using the BigDecimal class. A context-dependent attacker could use this flaw to cause memory corruption, causing a Ruby application that uses the BigDecimal class t ...


Pages:      Start    7845    7846    7847    7848    7849    7850    7851    7852    7853    7854    7855    7856    7857    7858    ..   8379

© 2013 SecPod Technologies