29 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-17405
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ruby before 2.4.3 allows Net::FTP command injection. Net::FTPget, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernelopen to open a local...
RHEL 6 / 7 : rh-ruby24-ruby (RHSA-2018:0584)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0584 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
BELL-CVE-2017-17405 CVE-2017-17405 does not affect BellSoft software
Bulletin has no description...
Debian: Security Advisory (DLA-1222-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2017-0486)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 7 : ruby (RHSA-2019:2806)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2806 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks...
Debian DSA-4259-1 : ruby2.3 - security update
Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may result in incorrect processing of HTTP/FTP, directory traversal, command injection, unintended socket creation or information disclosure. This update also fixes several issues in RubyGems which could...
[SECURITY] [DSA 4259-1] ruby2.3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4259-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 31, 2018 https://www.debian.org/security/faq -...
macOS 10.13.x < 10.13.6 Multiple Vulnerabilities
The remote host is running a version of macOS / Mac OS X that is 10.13.x prior to 10.13.6. It is, therefore, affected by multiple vulnerabilities. Note that successful exploitation of the most serious issues can result in arbitrary code execution. C Tenable Network Security, Inc...
[SECURITY] [DLA 1421-1] ruby2.1 security update
Package : ruby2.1 Version : 2.1.5-2+deb8u4 CVE ID : CVE-2015-9096 CVE-2016-2339 CVE-2016-7798 CVE-2017-0898 CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 CVE-2017-0902 CVE-2017-0903 CVE-2017-10784 CVE-2017-14033 CVE-2017-14064 CVE-2017-17405 CVE-2017-17742 CVE-2017-17790 CVE-2018-6914 CVE-2018-8777...
Ruby Net FTP Command Injection (CVE-2017-17405) - Ver2
A command execution vulnerability exists in Ruby. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Important: Red Hat Security Advisory: rh-ruby24-ruby security, bug fix, and enhancement update
An update for rh-ruby24-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...
Oracle Linux 7 : ruby (ELSA-2018-0378)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-0378 advisory. - Add Psych.safeload ruby-2.1.0-there-should-be-only-one-exception.patch ruby-2.1.0-Adding-Psych.safeload.patch Related: CVE-2017-0903 - Disable Tokyo ...
ruby security update
2.0.0.648-33 - Fix always passing WEBrick test. 2.0.0.648-32 - Add Psych.safeload ruby-2.1.0-there-should-be-only-one-exception.patch ruby-2.1.0-Adding-Psych.safeload.patch Related: CVE-2017-0903 - Disable Tokyo TZ tests broken by recen tzdata update. ruby-2.5.0-Disable-Tokyo-TZ-tests.patch...
GLSA-201802-05 : Ruby: Command injection
The remote host is affected by the vulnerability described in GLSA-201802-05 Ruby: Command injection A command injection flaw was discovered in Net::FTP which impacts Ruby. Impact : A remote attacker, by enticing a user to download and open a crafted file from a malicious FTP server, could execut...
MGASA-2017-0486 Updated ruby packages fix security vulnerabilities
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTPget, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernelopen to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default...
Updated ruby packages fix security vulnerabilities
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTPget, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernelopen to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default...
Debian DLA-1221-1 : ruby1.9.1 security update
Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems : CVE-2017-17405 A command injection vulnerability in Net::FTP might allow a malicious FTP server the execution of arbitrary...
Command injection
The lazyinitialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernelopen, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input ma...
[slackware-security] ruby
New ruby packages are available for Slackware 14.2 and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/ruby-2.2.9-i586-1slack14.2.txz: Upgraded. This update fixes a security issue: Net::FTPget, getbinaryfile, gettextfile, put,...