Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.1.2.2018.1374 |
Category: | Huawei EulerOS Local Security Checks |
Title: | Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2018-1374) |
Summary: | The remote host is missing an update for the Huawei EulerOS 'ruby' package(s) announced via the EulerOS-SA-2018-1374 advisory. |
Description: | Summary: The remote host is missing an update for the Huawei EulerOS 'ruby' package(s) announced via the EulerOS-SA-2018-1374 advisory. Vulnerability Insight: The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.(CVE-2014-8080) The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.(CVE-2014-8090) Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.(CVE-2014-4975) Affected Software/OS: 'ruby' package(s) on Huawei EulerOS Virtualization 2.5.1. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-4975 BugTraq ID: 68474 http://www.securityfocus.com/bid/68474 Debian Security Information: DSA-3157 (Google Search) http://www.debian.org/security/2015/dsa-3157 http://www.mandriva.com/security/advisories?name=MDVSA-2015:129 http://www.openwall.com/lists/oss-security/2014/07/09/13 RedHat Security Advisories: RHSA-2014:1912 http://rhn.redhat.com/errata/RHSA-2014-1912.html RedHat Security Advisories: RHSA-2014:1913 http://rhn.redhat.com/errata/RHSA-2014-1913.html RedHat Security Advisories: RHSA-2014:1914 http://rhn.redhat.com/errata/RHSA-2014-1914.html http://www.ubuntu.com/usn/USN-2397-1 XForce ISS Database: ruby-cve20144975-bo(94706) https://exchange.xforce.ibmcloud.com/vulnerabilities/94706 Common Vulnerability Exposure (CVE) ID: CVE-2014-8080 http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html BugTraq ID: 70935 http://www.securityfocus.com/bid/70935 Debian Security Information: DSA-3159 (Google Search) http://www.debian.org/security/2015/dsa-3159 RedHat Security Advisories: RHSA-2014:1911 http://rhn.redhat.com/errata/RHSA-2014-1911.html http://secunia.com/advisories/61607 http://secunia.com/advisories/62050 http://secunia.com/advisories/62748 SuSE Security Announcement: openSUSE-SU-2014:1589 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-12/msg00035.html SuSE Security Announcement: openSUSE-SU-2015:0002 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-01/msg00000.html SuSE Security Announcement: openSUSE-SU-2015:0007 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-01/msg00004.html Common Vulnerability Exposure (CVE) ID: CVE-2014-8090 BugTraq ID: 71230 http://www.securityfocus.com/bid/71230 http://secunia.com/advisories/59948 http://www.ubuntu.com/usn/USN-2412-1 |
Copyright | Copyright (C) 2020 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |