FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID / Description

34e0316a-aa91-11df-8c2e-001517289bf8
ruby -- UTF-7 encoding XSS vulnerability in WEBrick

The official ruby site reports:

WEBrick has had a cross-site scripting vulnerability that allows an attacker to inject arbitrary script or HTML via a crafted URI. This does not affect user agents that strictly implement HTTP/1.1; however, some user agents do not.


Discovery 2010-08-16
Entry 2010-08-17
Modified 2010-08-20
ruby
ruby+pthreads
ruby+pthreads+oniguruma
ruby+oniguruma
ge 1.8.*,1 lt 1.8.7.248_3,1

ge 1.9.*,1 lt 1.9.1.430,1

40895
CVE-2010-0541
http://www.ruby-lang.org/en/news/2010/08/16/xss-in-webrick-cve-2010-0541/
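
The advisory above only says that a crafted URI injects markup and that strict HTTP/1.1 user agents are unaffected. The following is an added example, not WEBrick code and not from the Ruby advisory, showing the mechanism behind that wording: a UTF-7 encoded payload carries no '<' or '>' bytes, so byte-level HTML escaping leaves it alone, while a user agent that sniffs the body as UTF-7 (which one that honours the declared charset will not do) recovers the original tags. The set of characters passed through unencoded, the payload string and the `charset_pinned?` check are assumptions of this example.

```ruby
# Added example (not WEBrick code, not from the Ruby advisory): how a UTF-7
# encoded payload survives byte-level HTML escaping, and the response header
# that keeps a browser from sniffing the body as UTF-7.

# Characters this example passes through unencoded: RFC 2152's "set D" plus
# space (an assumption of this example). '<', '>', '&' and quotes are
# deliberately not in it.
DIRECT = /[A-Za-z0-9'(),.:?\/ -]/

def direct?(ch)
  DIRECT.match?(ch)
end

# Modified UTF-7 (RFC 2152): each run of non-direct characters becomes
# UTF-16BE, base64 without padding, wrapped in '+' ... '-'.
def utf7_encode(str)
  str.each_char.slice_when { |a, b| direct?(a) != direct?(b) }.map do |run|
    chunk = run.join
    next chunk if direct?(chunk[0])
    "+" + [chunk.encode("UTF-16BE")].pack("m0").delete("=") + "-"
  end.join
end

# What a UTF-7-aware consumer (a browser that sniffed the charset) recovers.
def utf7_decode(str)
  str.gsub(/\+([A-Za-z0-9+\/]*)-?/) do
    b64 = Regexp.last_match(1)
    next "+" if b64.empty?
    padded = b64 + "=" * ((4 - b64.length % 4) % 4)
    padded.unpack1("m0").force_encoding("UTF-16BE").encode("UTF-8")
  end
end

# Byte-level escaping of the five HTML metacharacters, as an error page that
# echoes the request URI might do.
def escape_html_bytes(str)
  str.gsub(/[&<>"']/, "&" => "&amp;", "<" => "&lt;", ">" => "&gt;",
                       '"' => "&quot;", "'" => "&#39;")
end

PAYLOAD_HTML = "<script>alert(1)</script>"   # constructed payload

# The attacker's URI component: no '<' or '>' bytes, so nothing gets escaped,
# yet a UTF-7 interpretation yields the original markup.
def utf7_payload
  utf7_encode(PAYLOAD_HTML)
end

def escaped_payload
  escape_html_bytes(utf7_payload)
end

# Mitigation: pin the charset on every HTML response, error pages included.
# A response without it is what a sniffing user agent may read as UTF-7.
def charset_pinned?(content_type)
  content_type.downcase.include?("charset=")
end

VULNERABLE_CONTENT_TYPE = "text/html"
FIXED_CONTENT_TYPE      = "text/html; charset=UTF-8"
```

Escaping alone is not the fix here: `escaped_payload` is byte-identical to `utf7_payload`, and `utf7_decode(escaped_payload)` gives back the script tag. Declaring the charset on every HTML response, including error pages, removes the ambiguity the user agent was resolving by sniffing.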
53802164-3f7e-11dd-90ea-0019666436c2
ruby -- multiple integer and buffer overflow vulnerabilities

The official ruby site reports:

Multiple vulnerabilities in Ruby may lead to a denial of service (DoS) condition or allow execution of arbitrary code.


Discovery 2008-06-19
Entry 2008-06-21
ruby
ruby+pthreads
ruby+pthreads+oniguruma
ruby+oniguruma
ge 1.8.*,1 lt 1.8.6.111_3,1

ruby_static
ge 1.8.*,1

CVE-2008-2726
http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/
62e0fbe5-5798-11de-bb78-001cc0377035
ruby -- BigDecimal denial of service vulnerability

The official ruby site reports:

A denial of service (DoS) vulnerability was found on the BigDecimal standard library of Ruby. Conversion from BigDecimal objects into Float numbers had a problem which enables attackers to effectively cause segmentation faults.

An attacker can cause a denial of service by causing BigDecimal to parse an insanely large number, such as:

require 'bigdecimal'
BigDecimal("9E69999999").to_s("F")   # segmentation fault on affected versions


Discovery 2009-06-09
Entry 2009-06-13
Modified 2010-05-02
ruby
ruby+pthreads
ruby+pthreads+oniguruma
ruby+oniguruma
ge 1.8.*,1 lt 1.8.7.160_1,1

35278
CVE-2009-1904
http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/
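
The trigger is a decimal string with an absurd exponent reaching BigDecimal from untrusted input. Beyond upgrading, an application can refuse such strings before the library sees them. The following is an added example, not code from Ruby or its BigDecimal library, of that guard; the digit and exponent limits and the `safe_bigdecimal` name are assumptions of this example.

```ruby
require "bigdecimal"

# Added example (not Ruby's BigDecimal code): bound the size of an untrusted
# decimal literal before handing it to BigDecimal. Limits are assumptions.
MAX_DIGITS   = 100
MAX_EXPONENT = 308   # roughly the decimal exponent range of a double

# Mantissa with optional fraction, optional signed exponent, surrounding
# whitespace tolerated.
DECIMAL = /\A\s*[+-]?(?<mant>\d+(?:\.\d*)?|\.\d+)(?:[eE](?<exp>[+-]?\d+))?\s*\z/

# Returns a BigDecimal, or raises ArgumentError if the literal is malformed,
# has too many significant digits, or carries an out-of-range exponent.
def safe_bigdecimal(str)
  m = DECIMAL.match(str) or raise ArgumentError, "not a decimal literal"
  digits = m[:mant].delete(".").length
  raise ArgumentError, "too many digits (#{digits})" if digits > MAX_DIGITS
  exp = m[:exp].to_i   # nil.to_i == 0 when no exponent is present
  raise ArgumentError, "exponent out of range (#{exp})" if exp.abs > MAX_EXPONENT
  BigDecimal(str.strip)
end

# Convenience: parse, then render in plain (non-exponent) form, the conversion
# the advisory's proof of concept exercises.
def safe_plain_decimal(str)
  safe_bigdecimal(str).to_s("F")
end
```

The advisory's own input, "9E69999999", is rejected at the exponent check and never reaches `to_s("F")`; ordinary inputs such as "12.5e3" still parse. Reject on parse, not on output: by the time a value is being rendered it has already been allocated.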
959d384d-6b59-11dd-9d79-001fc61c2a55
ruby -- DNS spoofing vulnerability

The official ruby site reports:

resolv.rb allows remote attackers to spoof DNS answers. This risk can be reduced by randomness of DNS transaction IDs and source ports.


Discovery 2008-08-08
Entry 2008-08-16
Modified 2009-02-09
ruby
ruby+pthreads
ruby+pthreads+oniguruma
ruby+oniguruma
ge 1.8.*,1 lt 1.8.6.111_5,1

ge 1.9.*,1 lt 1.9.1.0,1

CVE-2008-1447
http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
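
The advisory names the two defences, random transaction IDs and random source ports, but not what a resolver must check for the randomness to matter. The following is an added example, not resolv.rb, that builds a query with a SecureRandom transaction ID and accepts a reply only if its ID matches, the QR bit is set and the question section is an exact echo of the one sent. All packets are constructed in-process and nothing is sent on the wire; the names, the sample IP address and the record layout of the constructed reply are assumptions of this example.

```ruby
require "securerandom"

# Added example (not resolv.rb): what a randomized transaction ID buys, and the
# checks a resolver should apply before accepting an answer. Packets below are
# constructed in-process; nothing is sent on the wire.

# Encode a hostname as DNS labels (RFC 1035 section 3.1).
def encode_name(name)
  name.split(".").map { |label| [label.bytesize, label].pack("Ca*") }.join + "\x00".b
end

# Build a standard A query. The 16-bit ID comes from SecureRandom, not a
# counter, so an off-path attacker has to guess it for every forged reply.
# Returns [id, packet].
def build_query(name, id: SecureRandom.random_number(1 << 16))
  header = [id, 0x0100, 1, 0, 0, 0].pack("n6")          # RD=1, QDCOUNT=1
  [id, header + encode_name(name) + [1, 1].pack("n2")]  # QTYPE=A, QCLASS=IN
end

# Accept a reply only if its ID matches, QR is set, and the question section
# echoes ours byte for byte (a reply for a different name is not ours).
def response_matches?(query_id, query_packet, response)
  return false if response.bytesize < 12
  rid, flags = response.unpack("n2")
  return false unless rid == query_id && (flags & 0x8000) != 0
  question = query_packet.byteslice(12..)
  response.byteslice(12, question.bytesize) == question
end

# Constructed reply carrying one A record. `id` is whatever the sender put
# there; for an off-path forger it is a guess.
def make_response(id, query_packet, ipv4)
  header   = [id, 0x8180, 1, 1, 0, 0].pack("n6")       # QR=1, RD=1, RA=1, ANCOUNT=1
  question = query_packet.byteslice(12..)
  answer   = [0xc00c, 1, 1, 60, 4].pack("nnnNn")        # name ptr, A, IN, TTL, RDLENGTH
  header + question + answer + ipv4.split(".").map(&:to_i).pack("C4")
end
```

The ID check gives an off-path attacker one chance in 65536 per forged packet; the source port is chosen by the operating system when the socket is bound to port 0, and a kernel that randomizes ephemeral ports multiplies that search space. Neither helps if the resolver accepts any packet that arrives on the right socket, which is why the question-section comparison is part of `response_matches?`.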
a8674c14-83d7-11db-88d5-0012f06707f0
ruby -- cgi.rb library Denial of Service

The official ruby site reports:

Another vulnerability has been discovered in the CGI library (cgi.rb) that ships with Ruby which could be used by a malicious user to create a denial of service attack (DoS).

A specific HTTP request for any web application using cgi.rb causes CPU consumption on the machine on which the web application is running. Many such requests result in a denial of service.


Discovery 2006-12-04
Entry 2006-12-04
Modified 2010-05-12
ruby
ruby+pthreads
ruby+pthreads+oniguruma
ruby+oniguruma
ge 1.8.*,1 lt 1.8.5_5,1

ruby_static
ge 1.8.*,1

CVE-2006-6303
http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/
ab8dbe98-6be4-11db-ae91-0012f06707f0
ruby -- cgi.rb library Denial of Service

The official ruby site reports:

A vulnerability has been discovered in the CGI library (cgi.rb) that ships with Ruby which could be used by a malicious user to create a denial of service attack (DoS). The problem is triggered by sending the library an HTTP request that uses multipart MIME encoding and an invalid boundary specifier that begins with "-" instead of "--". Once triggered it will exhaust all available memory resources, effectively creating a DoS condition.


Discovery 2006-10-25
Entry 2006-11-04
Modified 2006-12-15
ruby
ruby+pthreads
ruby+pthreads+oniguruma
ruby+oniguruma
ge 1.8.*,1 lt 1.8.5_4,1

ruby_static
ge 1.8.*,1

20777
CVE-2006-5467
http://rubyforge.org/pipermail/mongrel-users/2006-October/001946.html
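
The failure mode described above, a body whose delimiter never matches the advertised boundary, is the general hazard of any multipart parser that reads until it finds a delimiter. The following is an added example, not cgi.rb, of a parser that rejects a body without the opening delimiter before scanning it, caps the body size, and makes strictly forward progress so that no input can keep it looping or accumulating. The size limit, the function names and the constructed request bodies are assumptions of this example.

```ruby
# Added example (not cgi.rb): a bounded multipart/form-data parser. It refuses
# bodies whose delimiter is missing (the "-" instead of "--" case) instead of
# searching for one that never appears.

MAX_BODY = 1 * 1024 * 1024   # assumption for this example

# Extract the boundary parameter from a Content-Type header value.
def boundary_from(content_type)
  m = content_type.match(/\Amultipart\/form-data\s*;\s*boundary=("?)([^";]+)\1/i)
  m && m[2]
end

# Returns an array of [headers, content] pairs, or raises ArgumentError.
# Every loop iteration advances `pos`, and every search that fails raises, so
# the parser cannot spin or grow without bound on malformed input.
def parse_multipart(content_type, body, max_body: MAX_BODY)
  raise ArgumentError, "body too large" if body.bytesize > max_body
  boundary = boundary_from(content_type) or raise ArgumentError, "missing boundary"
  delimiter = "--#{boundary}"
  # The first delimiter must be present up front; a body starting with
  # "-boundary" fails here rather than being scanned to exhaustion.
  start = body.index(delimiter) or raise ArgumentError, "delimiter not found"
  parts = []
  pos = start + delimiter.length
  loop do
    return parts if body[pos, 2] == "--"                 # closing delimiter
    raise ArgumentError, "malformed delimiter" unless body[pos, 2] == "\r\n"
    pos += 2
    nxt = body.index("\r\n#{delimiter}", pos) or raise ArgumentError, "unterminated part"
    headers, _, content = body[pos...nxt].partition("\r\n\r\n")
    parts << [headers, content]
    pos = nxt + 2 + delimiter.length
  end
end

# Constructed request bodies for the examples below (not captured traffic).
CONTENT_TYPE = "multipart/form-data; boundary=xyz"
GOOD_BODY = "--xyz\r\nContent-Disposition: form-data; name=\"a\"\r\n\r\nhello\r\n" \
            "--xyz\r\nContent-Disposition: form-data; name=\"b\"\r\n\r\nworld\r\n--xyz--\r\n"
BAD_BODY  = "-xyz\r\nContent-Disposition: form-data; name=\"a\"\r\n\r\nhello\r\n-xyz--\r\n"
```

The malformed body is rejected by the `delimiter not found` check in constant time; the well-formed body yields its two parts. A parser that instead loops "until the boundary line appears" is exactly what the advisory describes, and the same discipline (validate the delimiter first, bound the read, guarantee progress) applies to any framing format parsed from the network.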
c329712a-6b5b-11dd-9d79-001fc61c2a55
ruby -- multiple vulnerabilities in safe level

The official ruby site reports:

Several vulnerabilities in safe level have been discovered:

  • untrace_var is permitted at safe level 4;
  • $PROGRAM_NAME may be modified at safe level 4;
  • insecure methods may be called at safe level 1-3;
  • syslog operations are permitted at safe level 4;
  • dl doesn't check taintness, so it could allow attackers to call dangerous functions.

Discovery 2008-08-08
Entry 2008-08-16
Modified 2010-05-12
ruby
ruby+pthreads
ruby+pthreads+oniguruma
ruby+oniguruma
ge 1.8.*,1 lt 1.8.6.287,1

ge 1.9.*,1 lt 1.9.1.0,1

CVE-2008-3655
CVE-2008-3656
CVE-2008-3905
http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
f7ba20aa-6b5a-11dd-9d79-001fc61c2a55
ruby -- DoS vulnerability in WEBrick

The official ruby site reports:

WEBrick::HTTP::DefaultFileHandler is vulnerable to requests that take exponential time to process, due to a backtracking regular expression in WEBrick::HTTPUtils.split_header_value.


Discovery 2008-08-08
Entry 2008-08-16
Modified 2010-05-12
ruby
ruby+pthreads
ruby+pthreads+oniguruma
ruby+oniguruma
ge 1.8.*,1 lt 1.8.6.111_5,1

ge 1.9.*,1 lt 1.9.1.0,1

CVE-2008-3655
CVE-2008-3656
CVE-2008-3905
http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/