FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  373433
Date:      2014-11-25
Time:      21:42:42Z
Committer: naddy

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
53802164-3f7e-11dd-90ea-0019666436c2ruby -- multiple integer and buffer overflow vulnerabilities

The official ruby site reports:

Multiple vulnerabilities in Ruby may lead to a denial of service (DoS) condition or allow execution of arbitrary code.


Discovery 2008-06-19
Entry 2008-06-21
ruby
ruby+pthreads
ruby+pthreads+oniguruma
ruby+oniguruma
ge 1.8.*,1 lt 1.8.6.111_3,1

ruby_static
ge 1.8.*,1

CVE-2008-2726
http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/
a8674c14-83d7-11db-88d5-0012f06707f0ruby -- cgi.rb library Denial of Service

The official ruby site reports:

Another vulnerability has been discovered in the CGI library (cgi.rb) that ships with Ruby which could be used by a malicious user to create a denial of service attack (DoS).

A specific HTTP request for any web application using cgi.rb causes CPU consumption on the machine on which the web application is running. Many such requests result in a denial of service.


Discovery 2006-12-04
Entry 2006-12-04
Modified 2010-05-12
ruby
ruby+pthreads
ruby+pthreads+oniguruma
ruby+oniguruma
ge 1.8.*,1 lt 1.8.5_5,1

ruby_static
ge 1.8.*,1

CVE-2006-6303
http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/
ab8dbe98-6be4-11db-ae91-0012f06707f0ruby -- cgi.rb library Denial of Service

Official ruby site reports:

A vulnerability has been discovered in the CGI library (cgi.rb) that ships with Ruby which could be used by a malicious user to create a denial of service attack (DoS). The problem is triggered by sending the library an HTTP request that uses multipart MIME encoding and as an invalid boundary specifier that begins with "-" instead of "--". Once triggered it will exhaust all available memory resources effectively creating a DoS condition.


Discovery 2006-10-25
Entry 2006-11-04
Modified 2006-12-15
ruby
ruby+pthreads
ruby+pthreads+oniguruma
ruby+oniguruma
ge 1.8.*,1 lt 1.8.5_4,1

ruby_static
ge 1.8.*,1

20777
CVE-2006-5467
http://rubyforge.org/pipermail/mongrel-users/2006-October/001946.html
ab8dbe98-6be4-11db-ae91-0012f06707f0ruby -- cgi.rb library Denial of Service

Official ruby site reports:

A vulnerability has been discovered in the CGI library (cgi.rb) that ships with Ruby which could be used by a malicious user to create a denial of service attack (DoS). The problem is triggered by sending the library an HTTP request that uses multipart MIME encoding and as an invalid boundary specifier that begins with "-" instead of "--". Once triggered it will exhaust all available memory resources effectively creating a DoS condition.


Discovery 2006-10-25
Entry 2006-11-04
Modified 2006-12-15
ruby
ruby+pthreads
ruby+pthreads+oniguruma
ruby+oniguruma
ge 1.8.*,1 lt 1.8.5_4,1

ruby_static
ge 1.8.*,1

20777
CVE-2006-5467
http://rubyforge.org/pipermail/mongrel-users/2006-October/001946.html
a8674c14-83d7-11db-88d5-0012f06707f0ruby -- cgi.rb library Denial of Service

The official ruby site reports:

Another vulnerability has been discovered in the CGI library (cgi.rb) that ships with Ruby which could be used by a malicious user to create a denial of service attack (DoS).

A specific HTTP request for any web application using cgi.rb causes CPU consumption on the machine on which the web application is running. Many such requests result in a denial of service.


Discovery 2006-12-04
Entry 2006-12-04
Modified 2010-05-12
ruby
ruby+pthreads
ruby+pthreads+oniguruma
ruby+oniguruma
ge 1.8.*,1 lt 1.8.5_5,1

ruby_static
ge 1.8.*,1

CVE-2006-6303
http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/
53802164-3f7e-11dd-90ea-0019666436c2ruby -- multiple integer and buffer overflow vulnerabilities

The official ruby site reports:

Multiple vulnerabilities in Ruby may lead to a denial of service (DoS) condition or allow execution of arbitrary code.


Discovery 2008-06-19
Entry 2008-06-21
ruby
ruby+pthreads
ruby+pthreads+oniguruma
ruby+oniguruma
ge 1.8.*,1 lt 1.8.6.111_3,1

ruby_static
ge 1.8.*,1

CVE-2008-2726
http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/