Lucene search
K

18 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/24 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2020-14001

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as...

9.8CVSS8.2AI score0.0456EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2025/05/18 12:0 a.m.6 views

ruby3.4-rubygem-kramdown-2.4.0-1.15 on GA media (moderate)

ruby3.4-rubygem-kramdown-2.4.0-1.15 on GA media Announcement ID: openSUSE-SU-2025:15119-1 Rating: moderate Cross-References: CVE-2020-14001 CVE-2021-28834 CVSS scores: CVE-2020-14001 SUSE : 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L CVE-2021-28834 SUSE : 9.8...

9.8CVSS7.6AI score0.0456EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2023/02/15 3:58 a.m.2 views

SUSE CVE-2020-14001

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...

7.3CVSS7.5AI score0.0456EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2022/09/13 12:0 a.m.15 views

openSUSE: Security Advisory for rubygem-kramdown (SUSE-SU-2022:3259-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS9.6AI score0.0456EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/09/13 12:0 a.m.23 views

SUSE SLES15: ruby2.5-rubygem-kramdown / ruby2.5-rubygem-kramdown-doc / etc (SUSE-SU-2022:3259-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3259-1 advisory. - CVE-2020-14001: Fixed processing template options inside documents allowing unintended read access or embedded Ruby code execution...

9.8CVSS7.8AI score0.0456EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2020/10/27 12:0 a.m.22 views

Ubuntu 20.10 : kramdown vulnerability (USN-4562-2)

The remote Ubuntu 20.10 host has packages installed that are affected by a vulnerability as referenced in the USN-4562-2 advisory. kramdown could be made to crash, run programs, or leak sensitive information if it opened a specially crafted file. Tenable has extracted the preceding description...

9.8CVSS8.1AI score0.0456EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/08/20 12:0 a.m.19 views

Fedora 31 : rubygem-kramdown (2020-5c70d97eca)

A security flaw was found on ruby kramdown which may lead to unintended code execution. THis vulnerability is now assigned as CVE-2020-14001 . This new rpm should fix this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update syste...

9.8CVSS8.2AI score0.0456EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/08/20 12:0 a.m.17 views

Fedora: Security Advisory for rubygem-kramdown (FEDORA-2020-5c70d97eca)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS9.6AI score0.0456EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/08/20 12:0 a.m.22 views

Fedora: Security Advisory for rubygem-kramdown (FEDORA-2020-f6eee9a2d3)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS9.6AI score0.0456EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/08/20 12:0 a.m.22 views

Fedora 32 : rubygem-kramdown (2020-f6eee9a2d3)

A security flaw was found on ruby kramdown which may lead to unintended code execution. This vulnerability is now assigned as CVE-2020-14001 . This new rpm should fix this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update syste...

9.8CVSS8.2AI score0.0456EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/08/17 12:0 a.m.14 views

Debian: Security Advisory (DLA-2316-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.0456EPSS
Exploits0References4
Debian
Debian
added 2020/08/10 7:21 p.m.23 views

[SECURITY] [DSA 4743-1] ruby-kramdown security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4743-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 10, 2020 https://www.debian.org/security/faq -...

7.5CVSS2.6AI score0.0456EPSS
Exploits0
Debian
Debian
added 2020/08/10 7:21 p.m.50 views

[SECURITY] [DSA 4743-1] ruby-kramdown security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4743-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 10, 2020 https://www.debian.org/security/faq -...

9.8CVSS9.5AI score0.0456EPSS
Exploits0
Debian
Debian
added 2020/08/09 2:59 a.m.40 views

[SECURITY] [DLA 2316-1] ruby-kramdown security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2316-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA August 08, 2020 https://wiki.debian.org/LTS -...

9.8CVSS9.6AI score0.0456EPSS
Exploits0
CVE
CVE
added 2020/07/17 3:27 p.m.164 views

CVE-2020-14001

The vulnerability CVE-2020-14001 affects the kramdown Ruby gem prior to 2.3.0, where the template option is processed by default in Kramdown documents. This can allow unintended read access (e.g., template="/etc/passwd") or unintended embedded Ruby code execution (e.g., template="string://<%= ...

9.8CVSS9.3AI score0.0456EPSS
Exploits0References13Affected Software1
Cvelist
Cvelist
added 2020/07/17 3:27 p.m.38 views

CVE-2020-14001

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...

9.4AI score0.0456EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2020/07/09 12:0 a.m.37 views

FreeBSD : kramdown -- template option vulnerability (20b46222-c12b-11ea-abe8-08002728f74c)

kramdown news : CVE-2020-14001 is addressed to avoid problems when using the ::options / extension together with the 'template' option. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2020...

9.8CVSS8.2AI score0.0456EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2020/06/28 12:0 a.m.38 views

kramdown -- template option vulnerability

kramdown news: CVE-2020-14001 is addressed to avoid problems when using the ::options / extension together with the 'template' option...

9.8CVSS2.5AI score0.0456EPSS
Exploits0References1
Rows per page
Query Builder