Linux Distros Unpatched Vulnerability : CVE-2015-1855

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - verifycertificateidentity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate...

Linux Distros Unpatched Vulnerability : CVE-2018-8778

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format similar to...

Linux Distros Unpatched Vulnerability : CVE-2015-7551

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before...

Linux Distros Unpatched Vulnerability : CVE-2015-9284

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The request phase of the OmniAuth Ruby gem 1.9.1 and earlier is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework,...

Linux Distros Unpatched Vulnerability : CVE-2016-2339

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable heap overflow vulnerability exists in the Fiddle::Function.new initialize function functionality of Ruby. In Fiddle::Function.new initialize heap...

Linux Distros Unpatched Vulnerability : CVE-2014-8090

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial ...

Linux Distros Unpatched Vulnerability : CVE-2017-17742

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can...

Ruby 安全漏洞

Ruby is a cross-platform, object-oriented, dynamically typed programming language from the individual developer Yukihiro Matsumoto. A security vulnerability exists in Ruby versions prior to 0.4.2, which stems from a regular expression denial of service in the UtilescapeElement method...

Linux Distros Unpatched Vulnerability : CVE-2018-8780

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods...

Linux Distros Unpatched Vulnerability : CVE-2019-15845

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions. CVE-2019-15845 Note that Nessus relies ...

Linux Distros Unpatched Vulnerability : CVE-2017-10784

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal...

Linux Distros Unpatched Vulnerability : CVE-2020-10663

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability...

Linux Distros Unpatched Vulnerability : CVE-2019-16254

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the...

Linux Distros Unpatched Vulnerability : CVE-2019-16255

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument aka the command argument to Shell or Shelltest in...

Linux Distros Unpatched Vulnerability : CVE-2017-9229

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in...

Linux Distros Unpatched Vulnerability : CVE-2018-16395

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two...

Ruby 安全漏洞

Ruby is a cross-platform, object-oriented, dynamically typed programming language from the individual developer Yukihiro Matsumoto. A security vulnerability exists in Ruby versions prior to 0.4.2, which stems from the CGI::Cookie.parse method not limiting the length of the original cookie value,...

Linux Distros Unpatched Vulnerability : CVE-2018-6914

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before...

Linux Distros Unpatched Vulnerability : CVE-2017-17790

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The lazyinitialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernelopen, which might allow Command Injection attacks, as demonstrated by a...

Linux Distros Unpatched Vulnerability : CVE-2017-17405

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ruby before 2.4.3 allows Net::FTP command injection. Net::FTPget, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernelopen to open a local...