what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

CVE-2021-28965

Status Candidate

Overview

The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.

Related Files

Debian Security Advisory 5066-1
Posted Feb 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5066-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language and the Rubygems included, which may result on result in XML roundtrip attacks, the execution of arbitrary code, information disclosure, StartTLS stripping in IMAP or denial of service.

tags | advisory, denial of service, arbitrary, vulnerability, imap, info disclosure, ruby
systems | linux, debian
advisories | CVE-2021-28965, CVE-2021-31799, CVE-2021-31810, CVE-2021-32066, CVE-2021-41817, CVE-2021-41819
SHA-256 | 06fe6a239e4a0b70fe9ff726baf6486b9f36b1ff6318001480327005363f19d9
Download | Favorite | View
Red Hat Security Advisory 2022-0582-01
Posted Feb 21, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0582-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, HTTP response splitting, code execution, denial of service, information leakage, and spoofing vulnerabilities.

tags | advisory, web, denial of service, spoof, vulnerability, code execution, ruby
systems | linux, redhat
advisories | CVE-2019-15845, CVE-2019-16201, CVE-2019-16254, CVE-2019-16255, CVE-2020-10663, CVE-2020-10933, CVE-2020-25613, CVE-2020-36327, CVE-2021-28965, CVE-2021-31799, CVE-2021-31810, CVE-2021-32066, CVE-2021-41817, CVE-2021-41819
SHA-256 | 28f434c8a7e0c5a9a457c78e1d0a72539ecb56d9a3673853dd0aa3595f619eda
Download | Favorite | View
Red Hat Security Advisory 2022-0581-01
Posted Feb 21, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0581-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, HTTP response splitting, code execution, denial of service, information leakage, and spoofing vulnerabilities.

tags | advisory, web, denial of service, spoof, vulnerability, code execution, ruby
systems | linux, redhat
advisories | CVE-2019-15845, CVE-2019-16201, CVE-2019-16254, CVE-2019-16255, CVE-2020-10663, CVE-2020-10933, CVE-2020-25613, CVE-2020-36327, CVE-2021-28965, CVE-2021-31799, CVE-2021-31810, CVE-2021-32066, CVE-2021-41817, CVE-2021-41819
SHA-256 | 8bd21cf01e10e7a947db8efca057a501595b8383a816b9f497a90e17a13ebc45
Download | Favorite | View
Red Hat Security Advisory 2021-2588-01
Posted Jun 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2588-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, HTTP response splitting, denial of service, information leakage, and insecure permissions vulnerabilities.

tags | advisory, web, denial of service, vulnerability, ruby
systems | linux, redhat
advisories | CVE-2019-15845, CVE-2019-16201, CVE-2019-16254, CVE-2019-16255, CVE-2019-3881, CVE-2020-10663, CVE-2020-10933, CVE-2020-25613, CVE-2021-28965
SHA-256 | 5af35473aa05be14b339ef6700164c127af3a9a9f71ad62e2221b2b6addb8987
Download | Favorite | View
Red Hat Security Advisory 2021-2587-01
Posted Jun 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2587-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, HTTP response splitting, denial of service, and information leakage vulnerabilities.

tags | advisory, web, denial of service, vulnerability, ruby
systems | linux, redhat
advisories | CVE-2019-15845, CVE-2019-16201, CVE-2019-16254, CVE-2019-16255, CVE-2020-10663, CVE-2020-10933, CVE-2020-25613, CVE-2021-28965
SHA-256 | 5fbf960ff4484cd6f2ef69e135f605145b9a2a39f1b978087c354f225d411a0f
Download | Favorite | View
Red Hat Security Advisory 2021-2584-01
Posted Jun 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2584-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a HTTP request smuggling vulnerability.

tags | advisory, web, ruby
systems | linux, redhat
advisories | CVE-2020-25613, CVE-2021-28965
SHA-256 | 15b2e047a57627938781b690d083b349e5f03bf97589594bea480a81142efcba
Download | Favorite | View
Red Hat Security Advisory 2021-2229-01
Posted Jun 3, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2229-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a HTTP request smuggling vulnerability.

tags | advisory, web, ruby
systems | linux, redhat
advisories | CVE-2020-25613, CVE-2021-28965
SHA-256 | 09cf314ddadf612a7ac6a39c7b50c8561ab57a1f8f3498ac527da04b443821a9
Download | Favorite | View
Red Hat Security Advisory 2021-2230-01
Posted Jun 3, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2230-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, HTTP response splitting, denial of service, information leakage, and insecure permissions vulnerabilities.

tags | advisory, web, denial of service, vulnerability, ruby
systems | linux, redhat
advisories | CVE-2019-15845, CVE-2019-16201, CVE-2019-16254, CVE-2019-16255, CVE-2019-3881, CVE-2020-10663, CVE-2020-10933, CVE-2020-25613, CVE-2021-28965
SHA-256 | 7f44016fa2acb5c0eef19435e7da178e870b55a93bc1aadb7ac11648d84d09ce
Download | Favorite | View
Red Hat Security Advisory 2021-2104-01.tt
Posted May 25, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2104-01.tt - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, HTTP response splitting, denial of service, and information leakage vulnerabilities.

tags | advisory, web, denial of service, vulnerability, ruby
systems | linux, redhat
advisories | CVE-2019-15845, CVE-2019-16201, CVE-2019-16254, CVE-2019-16255, CVE-2020-10663, CVE-2020-10933, CVE-2020-25613, CVE-2021-28965
SHA-256 | a48465f7ceae469f6c4a53e76d812b67eeab7919dcdf43f046cfc5753b387376
Download | Favorite | View
Ubuntu Security Notice USN-4922-2
Posted Apr 26, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4922-2 - USN-4922-1 fixed a vulnerability in Ruby. This update provides the corresponding update for Ubuntu 21.04. Juho Nurminen discovered that the REXML gem bundled with Ruby incorrectly parsed and serialized XML documents. A remote attacker could possibly use this issue to perform an XML round-trip attack. Various other issues were also addressed.

tags | advisory, remote, ruby
systems | linux, ubuntu
advisories | CVE-2021-28965
SHA-256 | 96b1c27761aa4515d434bb88738c784659440ebe67ff98e0ef81fba1977acc46
Download | Favorite | View
Ubuntu Security Notice USN-4922-1
Posted Apr 21, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4922-1 - Juho Nurminen discovered that the REXML gem bundled with Ruby incorrectly parsed and serialized XML documents. A remote attacker could possibly use this issue to perform an XML round-trip attack.

tags | advisory, remote, ruby
systems | linux, ubuntu
advisories | CVE-2021-28965
SHA-256 | cf2ecedb6dc196e4af175809b78647a6357efa199acf1dec4b27a28339ad47d1
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close