FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-24 21:00:48 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
1daea60a-4719-11da-b5c6-0004614cc33druby -- vulnerability in the safe level settings

Ruby home page reports:

The Object Oriented Scripting Language Ruby supports safely executing an untrusted code with two mechanisms: safe level and taint flag on objects.

A vulnerability has been found that allows bypassing these mechanisms.

By using the vulnerability, arbitrary code can be executed beyond the restrictions specified in each safe level. Therefore, Ruby has to be updated on all systems that use safe level to execute untrusted code.


Discovery 2005-10-02
Entry 2005-10-27
ruby
ruby_static
gt 1.6.* lt 1.6.8.2004.07.28_2

gt 1.8.* lt 1.8.2_5

CVE-2005-2337
http://www.ruby-lang.org/en/20051003.html
53802164-3f7e-11dd-90ea-0019666436c2ruby -- multiple integer and buffer overflow vulnerabilities

The official ruby site reports:

Multiple vulnerabilities in Ruby may lead to a denial of service (DoS) condition or allow execution of arbitrary code.


Discovery 2008-06-19
Entry 2008-06-21
ruby
ruby+pthreads
ruby+pthreads+oniguruma
ruby+oniguruma
ge 1.8.*,1 lt 1.8.6.111_3,1

ruby_static
ge 1.8.*,1

CVE-2008-2726
http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/
594eb447-e398-11d9-a8bd-000cf18bbe54ruby -- arbitrary command execution on XMLRPC server

Nobuhiro IMAI reports:

the default value modification on Module#public_instance_methods (from false to true) breaks s.add_handler(XMLRPC::iPIMethods("sample"), MyHandler.new) style security protection.

This problem could allow a remote attacker to execute arbitrary commands on XMLRPC server of libruby.


Discovery 2005-06-22
Entry 2005-06-23
Modified 2005-11-06
ruby
ruby_static
gt 1.8.* lt 1.8.2_3

CVE-2005-1992
http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/5237
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315064
76562594-1f19-11db-b7d4-0008743bf21aruby -- multiple vulnerabilities

Secunia reports:

Two vulnerabilities have been reported in Ruby, which can be exploited by malicious people to bypass certain security restrictions.

  1. An error in the handling of the "alias" functionality can be exploited to bypass the safe level protection and replace methods called in the trusted level.
  2. An error caused due to directory operations not being properly checked can be exploited to bypass the safe level protection and close untainted directory streams.

Discovery 2006-07-12
Entry 2006-07-29
Modified 2006-07-30
ruby
ruby_static
gt 1.6.* lt 1.8.*

gt 1.8.* lt 1.8.4_9,1

18944
CVE-2006-3694
http://secunia.com/advisories/21009/
http://jvn.jp/jp/JVN%2383768862/index.html
http://jvn.jp/jp/JVN%2313947696/index.html
7fe7df75-6568-11e6-a590-14dae9d210b8End of Life Ports

These packages have reached End of Life status and/or have been removed from the Ports Tree. They may contain undocumented security issues. Please take caution and find alternative software as soon as possible.


Discovery 2016-08-18
Entry 2016-08-18
Modified 2016-10-18
python32
python31
python30
python26
python25
python24
python23
python22
python21
python20
python15
ge 0

php54
php53
php52
php5
php4
ge 0

perl5
< 5.18

perl5.16
perl5.14
perl5.12
perl
ge 0

ruby
ruby_static
< 2.1,1

unifi2
unifi3
ge 0

apache21
apache20
apache13
ge 0

tomcat55
tomcat41
ge 0

mysql51-client
mysql51-server
mysql50-client
mysql50-server
mysql41-client
mysql41-server
mysql40-client
mysql40-server
ge 0

postgresql90-client
postgresql90-server
postgresql84-client
postgresql84-server
postgresql83-client
postgresql83-server
postgresql82-client
postgresql82-server
postgresql81-client
postgresql81-server
postgresql80-client
postgresql80-server
postgresql74-client
postgresql74-server
postgresql73-client
postgresql73-server
postgresql72-client
postgresql72-server
postgresql71-client
postgresql71-server
postgresql7-client
postgresql7-server
ge 0

ports/211975
a8674c14-83d7-11db-88d5-0012f06707f0ruby -- cgi.rb library Denial of Service

The official ruby site reports:

Another vulnerability has been discovered in the CGI library (cgi.rb) that ships with Ruby which could be used by a malicious user to create a denial of service attack (DoS).

A specific HTTP request for any web application using cgi.rb causes CPU consumption on the machine on which the web application is running. Many such requests result in a denial of service.


Discovery 2006-12-04
Entry 2006-12-04
Modified 2010-05-12
ruby
ruby+pthreads
ruby+pthreads+oniguruma
ruby+oniguruma
ge 1.8.*,1 lt 1.8.5_5,1

ruby_static
ge 1.8.*,1

CVE-2006-6303
http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/
ab8dbe98-6be4-11db-ae91-0012f06707f0ruby -- cgi.rb library Denial of Service

Official ruby site reports:

A vulnerability has been discovered in the CGI library (cgi.rb) that ships with Ruby which could be used by a malicious user to create a denial of service attack (DoS). The problem is triggered by sending the library an HTTP request that uses multipart MIME encoding and as an invalid boundary specifier that begins with "-" instead of "--". Once triggered it will exhaust all available memory resources effectively creating a DoS condition.


Discovery 2006-10-25
Entry 2006-11-04
Modified 2006-12-15
ruby
ruby+pthreads
ruby+pthreads+oniguruma
ruby+oniguruma
ge 1.8.*,1 lt 1.8.5_4,1

ruby_static
ge 1.8.*,1

20777
CVE-2006-5467
http://rubyforge.org/pipermail/mongrel-users/2006-October/001946.html