13974 matches found
net-imap vulnerable to denial of service via high iteration count for `SCRAM-*` authentication
Summary When authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational denial-of-service attack on the client process by sending a big iteration count value. Details A hostile IMAP server can send an arbitrarily large PBKDF2 iteration count in the...
RHCOS 6 : ruby193-ruby, rubygem-json and rubygem-rdoc (RHSA-2013:0701)
The remote Red Hat Enterprise Linux CoreOS 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0701 advisory. - rubygem-rdoc: Cross-site scripting in the documentation created by Darkfish Rdoc HTML generator / template CVE-2013-0256 -...
RHCOS 6 : rubygem (RHSA-2013:0728)
The remote Red Hat Enterprise Linux CoreOS 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:0728 advisory. - rubygem-rdoc: Cross-site scripting in the documentation created by Darkfish Rdoc HTML generator / template CVE-2013-0256 Note that Nessus h...
net-imap vulnerable to denial of service via high iteration count for `SCRAM-*` authentication
Summary When authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational denial-of-service attack on the client process by sending a big iteration count value. Details A hostile IMAP server can send an arbitrarily large PBKDF2 iteration count in the...
RHCOS 1 : ruby193-ruby (RHSA-2013:1137)
The remote Red Hat Enterprise Linux CoreOS 1 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:1137 advisory. - ruby: hostname check bypassing vulnerability in SSL client CVE-2013-4073 Note that Nessus has not tested for this issue but has instead...
PT-2026-36987
Name of the Vulnerable Software and Affected Versions net-imap affected versions not specified Description A hostile IMAP server can trigger a computational denial-of-service attack on the client process during authentication using SCRAM-SHA1 or SCRAM-SHA256. By sending an arbitrarily large PBKDF...
RHCOS 6 : Ruby on Rails (RHSA-2013:0153)
The remote Red Hat Enterprise Linux CoreOS 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:0153 advisory. - rubygem-activesupport: Multiple vulnerabilities in parameter parsing in ActionPack CVE-2013-0156 Note that Nessus has not tested for this...
Astra Linux - уязвимость в ruby2.5
REXML is an XML toolkit for Ruby. The REXML gem prior to version 3.3.9 has a ReDoS vulnerability when it parses an XML document containing many digits between “&” and “x…” in a hexadecimal character reference &x…. This issue does not occur in Ruby 3.2 or later versions. Ruby 3.1 is the only...
Astra Linux - уязвимость в ruby-rack
Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforced its paramslimit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parameter count limit and submit more parameters...
Astra Linux - уязвимость в ruby-websocket-extensions
The websocket-extensions Ruby module before version 0.1.5 allowed Denial of Service DoS attacks through Regex backtracking. The extension parser could take quadratic time when parsing a header containing an unclosed string parameter value whose content was a repeated two-byte sequence of a...
Astra Linux - уязвимость в ruby2.5
In RDoc 3.11 through 6.x, as distributed with Ruby up to 3.0.1, it was possible to execute arbitrary code using | and tags within a filename...
Astra Linux - уязвимость в ruby2.5
In the CGI gem before version 0.4.2 for Ruby, there is a Regular Expression Denial of Service ReDoS vulnerability in the UtilescapeElement method...
Astra Linux - уязвимость в ruby2.5
A issue was discovered in RDoc versions 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resulting remote code execution are possible because there are no restrictions on the classes that c...
Astra Linux - уязвимость в ruby2.5
There is a buffer over-read issue in Ruby before version 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. This issue occurs during the conversion from strings to floats, including in methods like KernelFloat and Stringtof...
Astra Linux - уязвимость в ruby-sinatra
In versions of Sinatra before 2.2.0, it does not validate that the expanded path matches publicdir when serving static files...
Astra Linux - уязвимость в ruby-rails-html-sanitizer
Rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there was a potential XSS vulnerability with certain configurations of Rails::Html::Sanitizer, due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer might allow an attacke...
Astra Linux - уязвимость в puma
Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP requests comply with the RFC7230 standard, Puma and the frontend proxy may disagree about where the requests start and...
Astra Linux - уязвимость в ruby2.5
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as . If you need to parse untrusted XMLs, you many be impacted to these vulnerabilities. The REXML gem 3.3.2 or later include the patches to fix...
Astra Linux - уязвимость в ruby2.5
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS regular expression Denial of Service via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1...
Astra Linux - уязвимость в ruby-rack
A security vulnerability exists in versions of Rack 2.2.3 and Rack 2.1.4, where reliance on cookies without validation/integrity checks allows an attacker to forge a secure or host-only cookie prefix...