The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2028 advisory.
Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick. (CVE-2017-17742)
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a … (dot dot) in the prefix argument. (CVE-2018-6914)
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption). (CVE-2018-8777)
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket. (CVE-2018-8779)
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.
(CVE-2018-16396)
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:
2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000073)
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:
2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appear to be exploitable via victim must run the gem owner
command on a gem with a specially crafted YAML file. This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000074)
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:
2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop… This vulnerability appears to have been fixed in 2.7.6.
(CVE-2018-1000075)
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:
2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures… This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000076)
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:
2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6.
(CVE-2018-1000077)
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:
2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server.
This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000078)
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.
(CVE-2018-8778)
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed. (CVE-2018-8780)
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:
2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem. This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000079)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2019-2028.
##
include('compat.inc');
if (description)
{
script_id(180804);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/07");
script_cve_id(
"CVE-2017-17742",
"CVE-2018-6914",
"CVE-2018-8777",
"CVE-2018-8778",
"CVE-2018-8779",
"CVE-2018-8780",
"CVE-2018-16396",
"CVE-2018-1000073",
"CVE-2018-1000074",
"CVE-2018-1000075",
"CVE-2018-1000076",
"CVE-2018-1000077",
"CVE-2018-1000078",
"CVE-2018-1000079"
);
script_name(english:"Oracle Linux 7 : ruby (ELSA-2019-2028)");
script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the
ELSA-2019-2028 advisory.
- Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows
an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response
for the HTTP server of WEBrick. (CVE-2017-17742)
- Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10,
2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to
create arbitrary directories or files via a .. (dot dot) in the prefix argument. (CVE-2018-6914)
- In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an
attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to
WEBrick server/handler and cause a denial of service (memory consumption). (CVE-2018-8777)
- In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the
UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an
unintended socket. (CVE-2018-8779)
- An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before
2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.
(CVE-2018-16396)
- RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:
2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory
Traversal vulnerability in install_location function of package.rb that can result in path traversal when
writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in
2.7.6. (CVE-2018-1000073)
- RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:
2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a
Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This
attack appear to be exploitable via victim must run the `gem owner` command on a gem with a specially
crafted YAML file. This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000074)
- RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:
2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite
loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative
size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6.
(CVE-2018-1000075)
- RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:
2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper
Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem
could be installed, as the tarball would contain multiple gem signatures.. This vulnerability appears to
have been fixed in 2.7.6. (CVE-2018-1000076)
- RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:
2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper
Input Validation vulnerability in ruby gems specification homepage attribute that can result in a
malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6.
(CVE-2018-1000077)
- RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:
2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site
Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This
attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server.
This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000078)
- In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an
attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer
under-read in the String#unpack method, resulting in a massive and controlled information disclosure.
(CVE-2018-8778)
- In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the
Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the
corresponding method, unintentional directory traversal may be performed. (CVE-2018-8780)
- RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:
2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory
Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem
locations during installation. This attack appear to be exploitable via the victim must install a
malicious gem. This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000079)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2019-2028.html");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-8780");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2018-1000076");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/26");
script_set_attribute(attribute:"patch_publication_date", value:"2019/08/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/09/07");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby-irb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby-tcltk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-bigdecimal");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-io-console");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-json");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-minitest");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-psych");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-rake");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-rdoc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygems");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygems-devel");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Oracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/local_checks_enabled");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_release = get_kb_item("Host/RedHat/release");
if (isnull(os_release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);
var pkgs = [
{'reference':'ruby-doc-2.0.0.648-36.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-irb-2.0.0.648-36.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-minitest-4.3.2-36.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-rake-0.9.6-36.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-rdoc-4.0.0-36.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygems-2.0.14.1-36.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygems-devel-2.0.14.1-36.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-2.0.0.648-36.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-devel-2.0.0.648-36.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-libs-2.0.0.648-36.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-tcltk-2.0.0.648-36.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-bigdecimal-1.2.0-36.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-io-console-0.4.2-36.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-json-1.7.7-36.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-psych-2.0.0-36.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-libs-2.0.0.648-36.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-2.0.0.648-36.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-devel-2.0.0.648-36.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-libs-2.0.0.648-36.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-tcltk-2.0.0.648-36.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-bigdecimal-1.2.0-36.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-io-console-0.4.2-36.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-json-1.7.7-36.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-psych-2.0.0-36.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release) {
if (exists_check) {
if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
} else {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ruby / ruby-devel / ruby-doc / etc');
}
Vendor | Product | Version | CPE |
---|---|---|---|
oracle | linux | 7 | cpe:/o:oracle:linux:7 |
oracle | linux | ruby | p-cpe:/a:oracle:linux:ruby |
oracle | linux | ruby-devel | p-cpe:/a:oracle:linux:ruby-devel |
oracle | linux | ruby-doc | p-cpe:/a:oracle:linux:ruby-doc |
oracle | linux | ruby-irb | p-cpe:/a:oracle:linux:ruby-irb |
oracle | linux | ruby-libs | p-cpe:/a:oracle:linux:ruby-libs |
oracle | linux | ruby-tcltk | p-cpe:/a:oracle:linux:ruby-tcltk |
oracle | linux | rubygem-bigdecimal | p-cpe:/a:oracle:linux:rubygem-bigdecimal |
oracle | linux | rubygem-io-console | p-cpe:/a:oracle:linux:rubygem-io-console |
oracle | linux | rubygem-json | p-cpe:/a:oracle:linux:rubygem-json |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17742
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000073
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000074
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000075
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000076
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000077
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000078
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000079
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16396
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6914
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8777
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8778
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8779
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8780
linux.oracle.com/errata/ELSA-2019-2028.html