90 matches found

Oracle linux
added 2024/07/15 12:00 a.m. | 61 views

ruby security update

ruby 2.5.9-112 - Fix ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755. CVE-2023-36617 Resolves: RHEL-5614 - Fix Buffer overread vulnerability in StringIO. CVE-2024-27280 Resolves: RHEL-34125 - Fix RCE vulnerability with .rdocoptions in RDoc. CVE-2024-27281 Resolves: RHEL-34117 -...

CVSS 9.8 | AI score 7.3 | EPSS 0.02637
Exploits: 1
Rockylinux
added 2024/06/14 1:59 p.m. | 49 views

ruby:3.1 security, bug fix, and enhancement update

An update is available for module.rubygem-abrt, rubygem-mysql2, module.rubygem-pg, ruby, module.rubygem-mysql2, rubygem-abrt, module.ruby, rubygem-pg. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 9.8 | AI score 6 | EPSS 0.02364
Exploits: 0
BDU FSTEC
added 2024/06/13 12:00 a.m. | 5 views

The vulnerability of the nestTables configuration in the mysql2 database library allows an attacker to execute a “prototype pollution” attack.

The vulnerability of the nestTables configuration in the mysql2 database library is related to improperly controlled modification of prototype object attributes. Exploiting this vulnerability could allow a malicious actor to execute a “prototype pollution” attack...

CVSS 8.5 | AI score 7.6 | EPSS 0.03114
Exploits: 0 | References: 6 | Affected Software: 1
Tenable Nessus
added 2024/06/11 12:00 a.m. | 22 views

Oracle Linux 8 : ruby:3.3 (ELSA-2024-3670)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3670 advisory. - Fix buffer overread vulnerability in StringIO. CVE-2024-27280 Resolves: RHEL-37448 - Fix RCE vulnerability with .rdocoptions in RDoc. CVE-2024-27281...

CVSS 9.8 | AI score 7.3 | EPSS 0.02364
Exploits: 0 | References: 4
Oracle linux
added 2024/06/07 12:00 a.m. | 45 views

ruby:3.3 security, bug fix, and enhancement update

ruby 3.3.1-2 - Upgrade to Ruby 3.3.1. Resolves: RHEL-37446 - Fix buffer overread vulnerability in StringIO. CVE-2024-27280 Resolves: RHEL-37448 - Fix RCE vulnerability with .rdocoptions in RDoc. CVE-2024-27281 Resolves: RHEL-37449 - Fix Arbitrary memory address read vulnerability with Regex searc...

CVSS 9.8 | AI score 7.5 | EPSS 0.02364
Exploits: 0
Tenable Nessus
added 2024/06/07 12:00 a.m. | 18 views

Oracle Linux 9 : ruby:3.1 (ELSA-2024-3668)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3668 advisory. ruby 3.1.5-144 - Upgrade to Ruby 3.1.5. Resolves: RHEL-33978 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-34129 - Fix RCE...

CVSS 9.8 | AI score 7.6 | EPSS 0.02364
Exploits: 0 | References: 4
Oracle linux
added 2024/06/06 12:00 a.m. | 27 views

ruby:3.1 security, bug fix, and enhancement update

ruby 3.1.5-144 - Upgrade to Ruby 3.1.5. Resolves: RHEL-33978 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-34129 - Fix RCE vulnerability with .rdocoptions in RDoc. Resolves: RHEL-34121 - Fix arbitrary memory address read vulnerability with Regex search. Resolves: RHEL-33871...

CVSS 9.8 | AI score 6.8 | EPSS 0.02364
Exploits: 0
Oracle linux
added 2024/06/06 12:00 a.m. | 33 views

ruby:3.3 security, bug fix, and enhancement update

ruby 3.3.1-2 - Upgrade to Ruby 3.3.1. Resolves: RHEL-37697 - Fix buffer overread vulnerability in StringIO. CVE-2024-27280 Resolves: RHEL-37699 - Fix RCE vulnerability with .rdocoptions in RDoc. CVE-2024-27281 Resolves: RHEL-37696 - Fix Arbitrary memory address read vulnerability with Regex searc...

CVSS 9.8 | AI score 6.5 | EPSS 0.02364
Exploits: 0
Oracle linux
added 2024/06/03 12:00 a.m. | 368 views

ruby:3.1 security, bug fix, and enhancement update

ruby 3.1.5-143 - Upgrade to Ruby 3.1.5. Resolves: RHEL-35748 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-35749 - Fix RCE vulnerability with .rdocoptions in RDoc. Resolves: RHEL-35750 - Fix arbitrary memory address read vulnerability with Regex search. Resolves: RHEL-35751...

CVSS 9.8 | AI score 6.5 | EPSS 0.02364
Exploits: 0
Oracle linux
added 2024/05/31 12:00 a.m. | 36 views

ruby:3.0 security update

ruby 3.0.7-143 - Fix Zlib test failures on s390x due to HW acceleration Related: RHEL-36189 3.0.7-142 - Upgrade to Ruby 3.0.7. Resolves: RHEL-36189 - Fix HTTP response splitting in CGI. Resolves: RHEL-36193 - Fix ReDoS vulnerability in URI. Resolves: RHEL-36196 - Fix ReDoS vulnerability in Time...

CVSS 9.8 | AI score 7.1 | EPSS 0.02637
Exploits: 1
Github Security Blog
added 2024/05/30 6:34 p.m. | 31 views

mysql2 vulnerable to Prototype Pollution

Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables...

CVSS 8.2 | AI score 7.1 | EPSS 0.03114
Exploits: 0 | References: 7 | Affected Software: 1
vulnersOsv
added 2024/05/30 6:34 p.m. | 5 views

0data (=1.0.0), 1.1.1-version (=1.0.0) +8624 more potentially affected by CVE-2024-21512 via mysql2 (>=0.11.8 <=3.9.7)

mysql2 NPM version =0.11.8, =0.0.27, =1.0.0, =0.0.4, =0.0.1, =0.0.2, =1.0.0, =0.0.1-alpha.5, =0.0.1-alpha.6 - @142vip/egg-grpc-client =0.0.1-alpha.4 and more Source cves: CVE-2024-21512 Source advisory: OSV:GHSA-PMH2-WPJM-FJ45...

CVSS 8.2 | AI score 7.2 | EPSS 0.03114
Exploits: 0
Veracode
added 2024/05/30 5:39 a.m. | 18 views

Prototype Pollution

mysql2 is vulnerable to Prototype Pollution. The vulnerability is due to improper user input sanitization when data is passed to fields and tables within a nestTables, which allows an attacker to manipulate the object's prototype...

CVSS 8.2 | AI score 7 | EPSS 0.03114
Exploits: 0 | References: 4 | Affected Software: 1
RedhatCVE
added 2024/05/29 7:12 a.m. | 28 views

CVE-2024-21512

A flaw was found in MySQL2. This issue is due to prototype pollution caused by improper user input sanitization passed to fields and tables when using nestTables. Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Securit...

CVSS 8.2 | AI score 7.9 | EPSS 0.03114
Exploits: 0 | References: 7
NVD
added 2024/05/29 5:16 a.m. | 10 views

CVE-2024-21512

Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables...

CVSS 8.2 | AI score 8.2 | EPSS 0.03114
Exploits: 0 | References: 5
Vulnrichment
added 2024/05/29 5:00 a.m. | 11 views

CVE-2024-21512

Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables...

CVSS 8.2 | AI score 6.8 | EPSS 0.03114
Exploits: 0 | References: 5
Positive Technologies
added 2024/05/24 12:00 a.m. | 4 views

PT-2024-4061

Name of the Vulnerable Software and Affected Versions: mysql2 versions prior to 3.9.8. Description: The issue is related to improper user input sanitization passed to fields and tables when using nestTables, leading to Prototype Pollution. This can allow a remote attacker to implement a Prototype...

CVSS 8.5 | AI score 7.7 | EPSS 0.03114
Exploits: 0 | References: 17
F5 Networks
added 2024/05/20 8:21 a.m. | 36 views

K000139680: MySQL2 vulnerability CVE-2024-21508

Security Advisory Description: Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values (CVE-2024-21508). Impact: There is no impact; F5 products are not affecte...

CVSS 9.8 | AI score 9.3 | EPSS 0.02554
Exploits: 0
OSV
added 2024/04/23 6:30 a.m. | 2 views

GHSA-4RCH-2FH8-94VW MySQL2 for Node Arbitrary Code Injection

Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function...

CVSS 9.8 | AI score 6 | EPSS 0.01025
Exploits: 0 | References: 6
Github Security Blog
added 2024/04/23 6:30 a.m. | 31 views

MySQL2 for Node Arbitrary Code Injection

Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function...

CVSS 9.8 | AI score 7.2 | EPSS 0.01025
Exploits: 0 | References: 6 | Affected Software: 1