Lucene search
+L

148 matches found

Positive Technologies
Positive Technologies
added 2023/01/18 12:0 a.m.8 views

PT-2023-18702 · Ruby +5 · Ruby +5

Name of the Vulnerable Software and Affected Versions: Active Support versions prior to 6.1.7.1 Active Support versions prior to 7.0.4.1 Description: The issue is related to insufficient input validation in the Inflector.underscore method, which can lead to a regular expression based DoS...

9.8CVSS6AI score0.04808EPSS
Exploits10References92
Broadcom
Broadcom
added 2022/11/01 12:0 a.m.61 views

CVE-2022-3358 : Using a Custom Cipher with NID_undef may lead to NULL encryption

OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0, and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions...

7.5CVSS1.9AI score0.02846EPSS
Exploits0
Broadcom
Broadcom
added 2022/09/13 12:0 a.m.40 views

CVE-2018-0732. Client DoS due to large DH parameter.

Security Advisory ID : BSA-2022-627 Component : OpenSSL Revision : 1.0 During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key...

7.5CVSS7.6AI score0.49268EPSS
Exploits0
Broadcom
Broadcom
added 2022/09/13 12:0 a.m.55 views

CVE-2017-18018: In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file

Security Advisory ID : BSA-2022-2073 Component : GNU Coreutils Revision : 1.0 In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of...

7.1CVSS4.7AI score0.00348EPSS
Exploits1
Broadcom
Broadcom
added 2022/09/13 12:0 a.m.43 views

CVE-2017-18018: In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file

In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition. Affected Products All versions of...

4.7CVSS3AI score0.00348EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2021/04/21 1:15 p.m.6 views

rubygem-activesupport: potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore

A flaw was found in rubygem-activesupport. An untrusted user input can be written to the cache store using the raw: true parameter which can lead to the result being evaluated as a marshaled object instead of plain text. The threat from this vulnerability is to data confidentiality and integrity ...

9.8CVSS7AI score0.45732EPSS
Exploits5References5
GithubExploit
GithubExploit
added 2020/05/20 4:27 a.m.19 views

Exploit for Deserialization of Untrusted Data in Rubyonrails Rails

CVE-2020-8165 Ruby on Rails For educational purposes only...

9.8CVSS7.3AI score0.45732EPSS
Exploits5
OSV
OSV
added 2018/09/17 9:57 p.m.8 views

GHSA-35C4-F3RQ-F9G3 Moderate severity vulnerability that affects activesupport

Withdrawn, accidental duplicate publish. The 1 jdom.rb and 2 rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service SystemStackError via a large XML document depth...

5CVSS7.3AI score0.04261EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2018/08/21 12:0 a.m.8 views

The vulnerability of the active-support gem for the Ruby programming language, which allows a hacker to execute arbitrary code.

The vulnerability of the active-support gem for the Ruby programming language is related to the use of hidden malicious code. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS5.9AI score0.06129EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2018/08/13 3:2 p.m.19 views

active-support impersonates 'activesupport' gem

The active-support ruby gem gem is malware and duplicates the official activesupport no hyphen gem, but adds a compiled extension. The extension attempts to resolve a base64 encoded domain 29faea63.planfhntage.de, downloads a payload, and executes. This trojan horse gem could allow a remote...

10CVSS5.5AI score0.06129EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2018/08/13 3:2 p.m.29 views

GHSA-2J55-PCW5-X4H2 active-support impersonates 'activesupport' gem

The active-support ruby gem gem is malware and duplicates the official activesupport no hyphen gem, but adds a compiled extension. The extension attempts to resolve a base64 encoded domain 29faea63.planfhntage.de, downloads a payload, and executes. This trojan horse gem could allow a remote...

10CVSS9.6AI score0.06129EPSS
Exploits1References3
GitLab Advisory Database
GitLab Advisory Database
added 2018/08/13 12:0 a.m.38 views

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

active-support ruby gem could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system...

10CVSS6AI score0.06129EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2018/08/10 9:29 p.m.15 views

CVE-2018-3779

active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system...

10CVSS9.7AI score0.06129EPSS
Exploits1References1
OSV
OSV
added 2018/08/10 9:29 p.m.2 views

CVE-2018-3779

active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system...

9.8CVSS6.2AI score0.06129EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2018/08/10 9:29 p.m.18 views

CVE-2018-3779

active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system...

10CVSS7.6AI score0.06129EPSS
Exploits1References2
Prion
Prion
added 2018/08/10 9:29 p.m.16 views

Code injection

active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system...

10CVSS9.6AI score0.06129EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/08/10 9:0 p.m.51 views

CVE-2018-3779

CVE-2018-3779 affects the active-support Ruby gem (version 5.2.0): the gem contains a malicious backdoor trojan that duplicates the official activesupport gem and installs a compiled extension. The extension resolves a base64-encoded domain (29faea63.planfhntage.de), downloads a payload, writes i...

10CVSS9.6AI score0.06129EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/08/10 9:0 p.m.23 views

CVE-2018-3779

active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system...

9.7AI score0.06129EPSS
Exploits1References1
Hacker One
Hacker One
added 2018/08/09 9:2 a.m.76 views

RubyGems: Malware in `active-support` gem

This was sent to RubySec: The gem duplicates official activesupport no hyphen code, but adds a compiled extension. The extension attempts to resolve a base64 encoded domain 29faea63.planfhntage.de, downloads a payload, and executes...

10CVSS1.4AI score0.06129EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2018/01/30 4:53 p.m.73 views

(RHSA-2018:0239) Low: Red Hat Enterprise Linux 6.2 AMC Retirement Notice

In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 6.2 was retired as of January 29, 2018, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical...

6.9AI score
Exploits0
Rows per page
Query Builder