Lucene search
K

29 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2017-17405

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ruby before 2.4.3 allows Net::FTP command injection. Net::FTPget, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernelopen to open a local...

9.3CVSS7.2AI score0.73927EPSS
Exploits5References2
Tenable Nessus
Tenable Nessus
added 2024/04/27 12:0 a.m.35 views

RHEL 6 / 7 : rh-ruby24-ruby (RHSA-2018:0584)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0584 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

9.8CVSS7.7AI score0.73927EPSS
Exploits6References7
OSV
OSV
added 2023/08/31 12:15 p.m.1 views

BELL-CVE-2017-17405 CVE-2017-17405 does not affect BellSoft software

Bulletin has no description...

8.8CVSS5.8AI score0.73927EPSS
Exploits5References1
OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.30 views

Debian: Security Advisory (DLA-1222-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.4AI score0.73927EPSS
Exploits6References3
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.29 views

Mageia: Security Advisory (MGASA-2017-0486)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.4AI score0.73927EPSS
Exploits6References4
Tenable Nessus
Tenable Nessus
added 2019/09/19 12:0 a.m.43 views

RHEL 7 : ruby (RHSA-2019:2806)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2806 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks...

9.3CVSS7.2AI score0.73927EPSS
Exploits5References4
Tenable Nessus
Tenable Nessus
added 2018/08/02 12:0 a.m.49 views

Debian DSA-4259-1 : ruby2.3 - security update

Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may result in incorrect processing of HTTP/FTP, directory traversal, command injection, unintended socket creation or information disclosure. This update also fixes several issues in RubyGems which could...

9.8CVSS6.9AI score0.73927EPSS
Exploits6References18
Debian
Debian
added 2018/07/31 9:40 p.m.43 views

[SECURITY] [DSA 4259-1] ruby2.3 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4259-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 31, 2018 https://www.debian.org/security/faq -...

9.8CVSS9AI score0.73927EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2018/07/17 12:0 a.m.90 views

macOS 10.13.x < 10.13.6 Multiple Vulnerabilities

The remote host is running a version of macOS / Mac OS X that is 10.13.x prior to 10.13.6. It is, therefore, affected by multiple vulnerabilities. Note that successful exploitation of the most serious issues can result in arbitrary code execution. C Tenable Network Security, Inc...

10CVSS7.7AI score0.73927EPSS
Exploits10References36
Debian
Debian
added 2018/07/14 6:28 a.m.61 views

[SECURITY] [DLA 1421-1] ruby2.1 security update

Package : ruby2.1 Version : 2.1.5-2+deb8u4 CVE ID : CVE-2015-9096 CVE-2016-2339 CVE-2016-7798 CVE-2017-0898 CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 CVE-2017-0902 CVE-2017-0903 CVE-2017-10784 CVE-2017-14033 CVE-2017-14064 CVE-2017-17405 CVE-2017-17742 CVE-2017-17790 CVE-2018-6914 CVE-2018-8777...

9.8CVSS7.4AI score0.73927EPSS
Exploits18
Check Point Advisories
Check Point Advisories
added 2018/04/15 12:0 a.m.6 views

Ruby Net FTP Command Injection (CVE-2017-17405) - Ver2

A command execution vulnerability exists in Ruby. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

9.3CVSS5AI score0.73927EPSS
Exploits5
RedHat Linux
RedHat Linux
added 2018/03/26 10:1 a.m.45 views

Important: Red Hat Security Advisory: rh-ruby24-ruby security, bug fix, and enhancement update

An update for rh-ruby24-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

9.8CVSS7.2AI score0.73927EPSS
Exploits6References4
Tenable Nessus
Tenable Nessus
added 2018/03/01 12:0 a.m.38 views

Oracle Linux 7 : ruby (ELSA-2018-0378)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-0378 advisory. - Add Psych.safeload ruby-2.1.0-there-should-be-only-one-exception.patch ruby-2.1.0-Adding-Psych.safeload.patch Related: CVE-2017-0903 - Disable Tokyo ...

9.8CVSS7.8AI score0.73927EPSS
Exploits14References12
Oracle linux
Oracle linux
added 2018/02/28 12:0 a.m.59 views

ruby security update

2.0.0.648-33 - Fix always passing WEBrick test. 2.0.0.648-32 - Add Psych.safeload ruby-2.1.0-there-should-be-only-one-exception.patch ruby-2.1.0-Adding-Psych.safeload.patch Related: CVE-2017-0903 - Disable Tokyo TZ tests broken by recen tzdata update. ruby-2.5.0-Disable-Tokyo-TZ-tests.patch...

9.8CVSS9.8AI score0.73927EPSS
Exploits14
Tenable Nessus
Tenable Nessus
added 2018/02/20 12:0 a.m.34 views

GLSA-201802-05 : Ruby: Command injection

The remote host is affected by the vulnerability described in GLSA-201802-05 Ruby: Command injection A command injection flaw was discovered in Net::FTP which impacts Ruby. Impact : A remote attacker, by enticing a user to download and open a crafted file from a malicious FTP server, could execut...

9.3CVSS7.7AI score0.73927EPSS
Exploits5References2
OSV
OSV
added 2017/12/31 3:51 p.m.11 views

MGASA-2017-0486 Updated ruby packages fix security vulnerabilities

Ruby before 2.4.3 allows Net::FTP command injection. Net::FTPget, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernelopen to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default...

9.8CVSS9.3AI score0.73927EPSS
Exploits6References3
Mageia
Mageia
added 2017/12/31 3:51 p.m.44 views

Updated ruby packages fix security vulnerabilities

Ruby before 2.4.3 allows Net::FTP command injection. Net::FTPget, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernelopen to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default...

9.8CVSS2.9AI score0.73927EPSS
Exploits6References2
Tenable Nessus
Tenable Nessus
added 2017/12/26 12:0 a.m.36 views

Debian DLA-1221-1 : ruby1.9.1 security update

Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems : CVE-2017-17405 A command injection vulnerability in Net::FTP might allow a malicious FTP server the execution of arbitrary...

9.8CVSS7.5AI score0.73927EPSS
Exploits6References4
Prion
Prion
added 2017/12/20 9:29 a.m.41 views

Command injection

The lazyinitialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernelopen, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input ma...

7.5CVSS9.3AI score0.73927EPSS
Exploits6References9Affected Software1
Slackware Linux
Slackware Linux
added 2017/12/20 6:38 a.m.38 views

[slackware-security] ruby

New ruby packages are available for Slackware 14.2 and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/ruby-2.2.9-i586-1slack14.2.txz: Upgraded. This update fixes a security issue: Net::FTPget, getbinaryfile, gettextfile, put,...

9.3CVSS9.1AI score0.73927EPSS
Exploits5
Rows per page
Query Builder