Lucene search
K

38 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2019-16254

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the...

5.3CVSS6.7AI score0.04569EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 11:5 a.m.32 views

BIT-RUBY-2020-5247 HTTP Response Splitting in Puma

In Puma RubyGem before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters i.e. CR, LF or/r, /n to end the header and inject malicious content, such as additional headers or an entirely new response body. This...

7.5CVSS6.6AI score0.04569EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2022/09/15 12:0 a.m.63 views

RHEL 7 : rh-ruby25-ruby (RHSA-2021:2104)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2104 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

8.1CVSS6.8AI score0.06811EPSS
Exploits2References20
Tenable Nessus
Tenable Nessus
added 2022/02/22 12:0 a.m.36 views

RHEL 8 : ruby:2.6 (RHSA-2022:0582)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0582 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

9.3CVSS6.8AI score0.06811EPSS
Exploits7References31
Tenable Nessus
Tenable Nessus
added 2022/02/09 12:0 a.m.254 views

Rocky Linux 8 : ruby:2.5 (RLSA-2021:2587)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:2587 advisory. - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions. CVE-2019-15845 -...

8.1CVSS7.8AI score0.06811EPSS
Exploits2References19
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.31 views

Mageia: Security Advisory (MGASA-2019-0408)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.2AI score0.05128EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2021/07/02 12:0 a.m.68 views

Oracle Linux 8 : ruby:2.5 (ELSA-2021-2587)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-2587 advisory. ruby 2.5.9-107 - Update to Ruby 2.5.9. Remove Patch20: ruby-2.6.0-rdoc-6.0.1-fix-template-typo.patch; subsumed Resolves: rhbz1952626 - Resolv::DNS:...

8.1CVSS6.9AI score0.06811EPSS
Exploits2References9
RedHat Linux
RedHat Linux
added 2021/06/29 4:24 p.m.71 views

Moderate: Red Hat Security Advisory: ruby:2.5 security, bug fix, and enhancement update

An update for the ruby:2.5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.1CVSS6.7AI score0.06811EPSS
Exploits2References11
CBLMariner
CBLMariner
added 2021/06/09 3:50 a.m.19 views

CVE-2019-16254 affecting package ruby 2.6.3-3

CVE-2019-16254 affecting package ruby 2.6.3-3. An upgraded version of the package is available that resolves this issue...

5.3CVSS8.5AI score0.04569EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2021/05/26 7:41 a.m.99 views

Moderate: Red Hat Security Advisory: rh-ruby25-ruby security, bug fix, and enhancement update

An update for rh-ruby25-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

8.1CVSS6.7AI score0.06811EPSS
Exploits2References10
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.40 views

SUSE: Security Advisory (SUSE-SU-2020:0737-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7AI score0.29726EPSS
Exploits8References10
Mageia
Mageia
added 2020/11/27 8:14 p.m.120 views

Updated jruby packages fix security vulnerabilities

Response Splitting attack in the HTTP server of WEBrick CVE-2017-17742. Delete directory using symlink when decompressing tar CVE-2019-8320. Escape sequence injection vulnerability in verbose CVE-2019-8321. Escape sequence injection vulnerability in gem owner CVE-2019-8322. Escape sequence...

8.8CVSS8.5AI score0.0576EPSS
Exploits2References5
OpenVAS
OpenVAS
added 2020/09/29 12:0 a.m.28 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2020-2139)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7AI score0.06811EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2020/08/18 12:0 a.m.121 views

Debian DLA-2330-1 : jruby security update

Several vulnerabilities were fixed in JRuby, a 100% pure-Java implementation of Ruby. CVE-2017-17742 CVE-2019-16254 HTTP Response Splitting attacks in the HTTP server of WEBrick. CVE-2019-16201 Regular Expression Denial of Service vulnerability of WEBrick's Digest access authentication...

8.8CVSS6.9AI score0.0576EPSS
Exploits2References13
OpenVAS
OpenVAS
added 2020/08/17 12:0 a.m.28 views

Debian: Security Advisory (DLA-2330-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.3AI score0.0576EPSS
Exploits2References4
OpenVAS
OpenVAS
added 2020/04/30 12:0 a.m.102 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2020-1529)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.3AI score0.06889EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2020/04/02 12:0 a.m.259 views

openSUSE Security Update : ruby2.5 (openSUSE-2020-395)

This update for ruby2.5 toversion 2.5.7 fixes the following issues: ruby 2.5 was updated to version 2.5.7 - CVE-2020-8130: Fixed a command injection in intree copy of rake bsc1164804. - CVE-2019-16255: Fixed a code injection vulnerability of Shell and Shelltest bsc1152990. - CVE-2019-16254: Fixed...

8.1CVSS6.9AI score0.29726EPSS
Exploits8References14
OpenVAS
OpenVAS
added 2020/03/29 12:0 a.m.53 views

openSUSE: Security Advisory for Recommended (openSUSE-SU-2020:0395-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.1CVSS7.4AI score0.29726EPSS
Exploits8References2
Tenable Nessus
Tenable Nessus
added 2020/03/23 12:0 a.m.68 views

SUSE SLED15 / SLES15 Security Update : Recommended update for ruby2.5 (SUSE-SU-2020:0737-1)

This update for ruby2.5 toversion 2.5.7 fixes the following issues : ruby 2.5 was updated to version 2.5.7 CVE-2020-8130: Fixed a command injection in intree copy of rake bsc1164804. CVE-2019-16255: Fixed a code injection vulnerability of Shell and Shelltest bsc1152990. CVE-2019-16254: Fixed am...

8.1CVSS7AI score0.29726EPSS
Exploits8References22
Prion
Prion
added 2020/02/28 5:15 p.m.34 views

Cross site scripting

In Puma RubyGem before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters i.e. CR, LF or/r, /n to end the header and inject malicious content, such as additional headers or an entirely new response body. This...

5CVSS6.1AI score0.04569EPSS
Exploits0References7Affected Software4
Rows per page
Query Builder