FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  321338
Date:      2013-06-19
Time:      21:56:56Z
Committer: jgh

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
53802164-3f7e-11dd-90ea-0019666436c2	ruby -- multiple integer and buffer overflow vulnerabilities The official ruby site reports: Multiple vulnerabilities in Ruby may lead to a denial of service (DoS) condition or allow execution of arbitrary code. Discovery 2008-06-19 Entry 2008-06-21 ruby ruby+pthreads ruby+pthreads+oniguruma ruby+oniguruma ge 1.8.,1 lt 1.8.6.111_3,1 ruby_static ge 1.8.,1 CVE-2008-2726 http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/
a8674c14-83d7-11db-88d5-0012f06707f0	ruby -- cgi.rb library Denial of Service The official ruby site reports: Another vulnerability has been discovered in the CGI library (cgi.rb) that ships with Ruby which could be used by a malicious user to create a denial of service attack (DoS). A specific HTTP request for any web application using cgi.rb causes CPU consumption on the machine on which the web application is running. Many such requests result in a denial of service. Discovery 2006-12-04 Entry 2006-12-04 Modified 2010-05-12 ruby ruby+pthreads ruby+pthreads+oniguruma ruby+oniguruma ge 1.8.,1 lt 1.8.5_5,1 ruby_static ge 1.8.,1 CVE-2006-6303 http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/
ab8dbe98-6be4-11db-ae91-0012f06707f0	ruby -- cgi.rb library Denial of Service Official ruby site reports: A vulnerability has been discovered in the CGI library (cgi.rb) that ships with Ruby which could be used by a malicious user to create a denial of service attack (DoS). The problem is triggered by sending the library an HTTP request that uses multipart MIME encoding and as an invalid boundary specifier that begins with "-" instead of "--". Once triggered it will exhaust all available memory resources effectively creating a DoS condition. Discovery 2006-10-25 Entry 2006-11-04 Modified 2006-12-15 ruby ruby+pthreads ruby+pthreads+oniguruma ruby+oniguruma ge 1.8.,1 lt 1.8.5_4,1 ruby_static ge 1.8.,1 20777 CVE-2006-5467 http://rubyforge.org/pipermail/mongrel-users/2006-October/001946.html
ab8dbe98-6be4-11db-ae91-0012f06707f0	ruby -- cgi.rb library Denial of Service Official ruby site reports: A vulnerability has been discovered in the CGI library (cgi.rb) that ships with Ruby which could be used by a malicious user to create a denial of service attack (DoS). The problem is triggered by sending the library an HTTP request that uses multipart MIME encoding and as an invalid boundary specifier that begins with "-" instead of "--". Once triggered it will exhaust all available memory resources effectively creating a DoS condition. Discovery 2006-10-25 Entry 2006-11-04 Modified 2006-12-15 ruby ruby+pthreads ruby+pthreads+oniguruma ruby+oniguruma ge 1.8.,1 lt 1.8.5_4,1 ruby_static ge 1.8.,1 20777 CVE-2006-5467 http://rubyforge.org/pipermail/mongrel-users/2006-October/001946.html
a8674c14-83d7-11db-88d5-0012f06707f0	ruby -- cgi.rb library Denial of Service The official ruby site reports: Another vulnerability has been discovered in the CGI library (cgi.rb) that ships with Ruby which could be used by a malicious user to create a denial of service attack (DoS). A specific HTTP request for any web application using cgi.rb causes CPU consumption on the machine on which the web application is running. Many such requests result in a denial of service. Discovery 2006-12-04 Entry 2006-12-04 Modified 2010-05-12 ruby ruby+pthreads ruby+pthreads+oniguruma ruby+oniguruma ge 1.8.,1 lt 1.8.5_5,1 ruby_static ge 1.8.,1 CVE-2006-6303 http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/
53802164-3f7e-11dd-90ea-0019666436c2	ruby -- multiple integer and buffer overflow vulnerabilities The official ruby site reports: Multiple vulnerabilities in Ruby may lead to a denial of service (DoS) condition or allow execution of arbitrary code. Discovery 2008-06-19 Entry 2008-06-21 ruby ruby+pthreads ruby+pthreads+oniguruma ruby+oniguruma ge 1.8.,1 lt 1.8.6.111_3,1 ruby_static ge 1.8.,1 CVE-2008-2726 http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/