Dbd::pg Security Vulnerabilities

nessus

AlmaLinux 8 : ruby:2.6 (ALSA-2022:0543)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:0543 advisory. Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means...

8.8 CVSS

8 AI Score

0.011 EPSS

2022-03-11 12:00 AM
18
ics

Siemens Industrial Products (Update F)

EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Siemens Industrial Products containing certain processors Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. UPDATE INFORMATION This updated advisory is a follow-up to the...

5.5 CVSS

6.5 AI Score

0.001 EPSS

2022-03-10 12:00 PM
90
nessus

Oracle Linux 8 : ELSA-2022-0672-1: / ruby:2.5 (ELSA-2022-06721)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-06721 advisory. In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a...

7.4 CVSS

7.7 AI Score

0.01 EPSS

2022-03-09 12:00 AM
17
oraclelinux

ruby:2.5 security update

ruby [2.5.9-109.0.1] - Rebuild with a dependency containing fix for Orabug: 33921593 [2.5.9-109] - Properly fix command injection vulnerability in Rdoc. Related: CVE-2021-31799 [2.5.9-108] - Fix command injection vulnerability in RDoc. Resolves: CVE-2021-31799 - Fix StartTLS stripping...

7.4 CVSS

1.2 AI Score

0.01 EPSS

2022-03-08 12:00 AM
25
openbugbounty

pg-bielefeld.de Improper Access Control vulnerability OBB-2407444

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

0.1 AI Score

2022-03-04 06:09 PM
7
nessus

Oracle Linux 8 : ruby:2.5 (ELSA-2022-0672)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-0672 advisory. In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a...

7.4 CVSS

7.7 AI Score

0.01 EPSS

2022-03-01 12:00 AM
9
oraclelinux

ruby:2.5 security update

ruby [2.5.9-109] - Properly fix command injection vulnerability in Rdoc. Related: CVE-2021-31799 [2.5.9-108] - Fix command injection vulnerability in RDoc. Resolves: CVE-2021-31799 - Fix StartTLS stripping vulnerability in Net::IMAP Resolves: CVE-2021-32066 - Fix FTP PASV command response...

7.4 CVSS

0.9 AI Score

0.01 EPSS

2022-02-28 12:00 AM
26
nessus

CentOS 8 : ruby:2.5 (CESA-2022:0672)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:0672 advisory. rubygem-rdoc: Command injection vulnerability in RDoc (CVE-2021-31799) ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary...

7.4 CVSS

7.6 AI Score

0.01 EPSS

2022-02-25 12:00 AM
17
rocky

ruby:2.5 security update

An update is available for rubygem-bson, rubygem-mysql2, rubygem-bundler, ruby, rubygem-mongo, rubygem-pg, rubygem-abrt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the.....

7.4 CVSS

7.7 AI Score

0.01 EPSS

2022-02-24 03:11 PM
13
redhat

(RHSA-2022:0672) Moderate: ruby:2.5 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): rubygem-rdoc: Command injection vulnerability in RDoc (CVE-2021-31799) ruby: FTP PASV command response can cause Net::FTP to...

0.8 AI Score

0.01 EPSS

2022-02-24 03:11 PM
34
nessus

RHEL 8 : ruby:2.5 (RHSA-2022:0672)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0672 advisory. rubygem-rdoc: Command injection vulnerability in RDoc (CVE-2021-31799) ruby: FTP PASV command response can cause Net::FTP to connect to...

7.4 CVSS

7.8 AI Score

0.01 EPSS

2022-02-24 12:00 AM
10
almalinux

Moderate: ruby:2.5 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): * rubygem-rdoc: Command injection vulnerability in RDoc (CVE-2021-31799) * ruby: FTP PASV command response can cause Net::FTP to.....

7.4 CVSS

7.7 AI Score

0.01 EPSS

2022-02-24 12:00 AM
13
nessus

RHEL 8 : ruby:2.6 (RHSA-2022:0581)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0581 advisory. ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? (CVE-2019-15845) ruby: Regular expression denial of service...

8.8 CVSS

8.3 AI Score

0.012 EPSS

2022-02-22 12:00 AM
18
nessus

RHEL 8 : ruby:2.6 (RHSA-2022:0582)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0582 advisory. ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? (CVE-2019-15845) ruby: Regular expression denial of service...

8.8 CVSS

8.3 AI Score

0.012 EPSS

2022-02-22 12:00 AM
18
redhat

(RHSA-2022:0582) Important: ruby:2.6 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source (CVE-2020-36327) ruby:...

8.2 AI Score

0.012 EPSS

2022-02-21 08:40 AM
41
redhat

(RHSA-2022:0581) Important: ruby:2.6 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source (CVE-2020-36327) ruby:...

8.2 AI Score

0.012 EPSS

2022-02-21 08:40 AM
54
nessus

RHEL 8 : ruby:2.6 (RHSA-2022:0543)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0543 advisory. rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source (CVE-2020-36327) rubygem-rdoc:...

8.8 CVSS

8 AI Score

0.01 EPSS

2022-02-17 12:00 AM
75
rocky

ruby:2.5 security update

An update is available for rubygem-bson, rubygem-mysql2, rubygem-bundler, ruby, rubygem-mongo, rubygem-pg, rubygem-abrt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the.....

8.8 CVSS

8.4 AI Score

0.01 EPSS

2022-02-16 08:27 AM
11
almalinux

Important: ruby:2.5 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source (CVE-2020-36327) For more...

8.8 CVSS

8.5 AI Score

0.01 EPSS

2022-02-16 08:27 AM
20
redhat

(RHSA-2022:0545) Important: ruby:2.5 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source (CVE-2020-36327) For more...

1 AI Score

0.01 EPSS

2022-02-16 08:27 AM
21
redhat

(RHSA-2022:0544) Important: ruby:2.6 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source (CVE-2020-36327) ...

0.3 AI Score

0.01 EPSS

2022-02-16 08:27 AM
36
redhat

(RHSA-2022:0548) Important: ruby:2.5 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source (CVE-2020-36327) For more...

1 AI Score

0.01 EPSS

2022-02-16 08:26 AM
32
redhat

(RHSA-2022:0547) Important: ruby:2.5 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source (CVE-2020-36327) For more...

1 AI Score

0.01 EPSS

2022-02-16 08:26 AM
25
redhat

(RHSA-2022:0546) Important: ruby:2.5 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source (CVE-2020-36327) For more...

1 AI Score

0.01 EPSS

2022-02-16 08:26 AM
27
rocky

ruby:2.6 security update

An update is available for rubygem-bson, rubygem-mysql2, ruby, rubygem-mongo, rubygem-pg, rubygem-abrt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Ruby is.....

8.8 CVSS

7.9 AI Score

0.01 EPSS

2022-02-16 08:26 AM
14
almalinux

Important: ruby:2.6 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source (CVE-2020-36327) ...

8.8 CVSS

7.9 AI Score

0.01 EPSS

2022-02-16 08:26 AM
39
redhat

(RHSA-2022:0543) Important: ruby:2.6 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source (CVE-2020-36327) ...

0.3 AI Score

0.01 EPSS

2022-02-16 08:26 AM
55
oraclelinux

ruby:2.5 security update

rubygem-bundler [1.16.1-4] - Fix Bundler dependency confusion. Resolves:...

8.8 CVSS

1.6 AI Score

0.01 EPSS

2022-02-16 12:00 AM
16
oraclelinux

ruby:2.6 security update

ruby [2.6.9-108] - Upgrade to Ruby 2.6.9. - Skip JIT tests in RHEL 8. - Fix the issues required to start the 'make test-bundler' itself. - Fix Bundler dependency confusion. Resolves:...

8.8 CVSS

0.7 AI Score

0.01 EPSS

2022-02-16 12:00 AM
45
nessus

CentOS 8 : ruby:2.6 (CESA-2022:0543)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:0543 advisory. rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source (CVE-2020-36327) rubygem-rdoc: Command...

8.8 CVSS

7.8 AI Score

0.01 EPSS

2022-02-16 12:00 AM
30
nessus

Oracle Linux 8 : ruby:2.6 (ELSA-2022-0543)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-0543 advisory. Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means...

8.8 CVSS

7.8 AI Score

0.011 EPSS

2022-02-16 12:00 AM
18
nessus

Oracle Linux 8 : ruby:2.5 (ELSA-2022-0545)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-0545 advisory. Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a...

8.8 CVSS

8 AI Score

0.011 EPSS

2022-02-16 12:00 AM
26
nessus

RHEL 8 : ruby:2.6 (RHSA-2022:0544)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0544 advisory. rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source (CVE-2020-36327) rubygem-rdoc:...

8.8 CVSS

8 AI Score

0.01 EPSS

2022-02-16 12:00 AM
22
openbugbounty

All Vulnerabilities for leis.camaracasabranca.sp.gov.br Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: leis.camaracasabranca.sp.gov.br ...

-0.1 AI Score

2022-02-15 04:50 PM
9
openbugbounty

mail.camarapousoredondo.sc.gov.br Cross Site Scripting vulnerability OBB-2373086

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: mail.camarapousoredondo.sc.gov.br ...

-0.2 AI Score

2022-02-15 01:55 PM
6
openbugbounty

All Vulnerabilities for leis.camaracasabranca.sp.gov.br Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: leis.camaracasabranca.sp.gov.br ...

-0.1 AI Score

2022-02-13 09:29 AM
11
openbugbounty

mail.camarapousoredondo.sc.gov.br Cross Site Scripting vulnerability OBB-2369867

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: mail.camarapousoredondo.sc.gov.br ...

-0.1 AI Score

2022-02-12 09:09 AM
14
nessus

Rocky Linux 8 : ruby:2.5 (RLSA-2021:2587)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:2587 advisory. Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions. (CVE-2019-15845) ...

8.1 CVSS

8.4 AI Score

0.019 EPSS

2022-02-09 12:00 AM
111
nessus

Rocky Linux 8 : pcs (RLSA-2020:2462)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2020:2462 advisory. The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation...

7.5 CVSS

7 AI Score

0.019 EPSS

2022-02-09 12:00 AM
15
nessus

Rocky Linux 8 : ruby:2.6 (RLSA-2021:2588)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:2588 advisory. Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the...

8.1 CVSS

8.3 AI Score

0.019 EPSS

2022-02-09 12:00 AM
40
nessus

Rocky Linux 8 : ruby:2.7 (RLSA-2021:2584)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:2584 advisory. An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had...

7.5 CVSS

8.3 AI Score

0.003 EPSS

2022-02-09 12:00 AM
15
nessus

Siemens SIMATIC S7-1200 and S7-1500 CPU Families Improper Restriction of Operations Within the Bounds of a Memory Buffer (CVE-2020-15782)

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-120...

9.8 CVSS

9.7 AI Score

0.005 EPSS

2022-02-07 12:00 AM
39
cve

CVE-2021-41837

An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM memory corruption, an attacker may be able to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to.....

8.2 CVSS

7.9 AI Score

0.0004 EPSS

2022-02-03 02:15 AM
50
cve

CVE-2021-41838

An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of a Numeric Range Comparison Without a Minimum...

8.2 CVSS

8.1 AI Score

0.001 EPSS

2022-02-03 02:15 AM
42
cve

CVE-2021-42059

An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41, Kernel 5.1 before 05.16.41, Kernel 5.2 before 05.26.41, Kernel 5.3 before 05.35.41, and Kernel 5.4 before 05.42.20. A stack-based buffer overflow leads to arbitrary code execution in UEFI DisplayTypeDxe DXE...

6.7 CVSS

7.5 AI Score

0.001 EPSS

2022-02-03 02:15 AM
60
cve

CVE-2021-42554

An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05.08.42, Kernel 5.1 before 05.16.42, Kernel 5.2 before 05.26.42, Kernel 5.3 before 05.35.42, Kernel 5.4 before 05.42.51, and Kernel 5.5 before 05.50.51. An SMM memory corruption vulnerability in FvbServicesRuntimeDxe allows a...

8.2 CVSS

8.3 AI Score

0.0004 EPSS

2022-02-03 02:15 AM
53
cve

CVE-2021-33625

An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting HddPassword. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel...

7.5 CVSS

7.6 AI Score

0.0004 EPSS

2022-02-03 02:15 AM
51
cve

CVE-2021-33627

An issue was discovered in Insyde InsydeH2O 5.x, affecting FwBlockServiceSmm. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel...

8.2 CVSS

8.1 AI Score

0.001 EPSS

2022-02-03 02:15 AM
46
cve

CVE-2020-5953

A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution in SMM (escalating....

7.5 CVSS

7.8 AI Score

0.001 EPSS

2022-02-03 01:15 AM
54
openbugbounty

pg-ceochallenge.com Open Redirect vulnerability OBB-2348798

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

0.1 AI Score

2022-01-29 07:56 AM
10
Total number of security vulnerabilities: 3518