Lucene search
K

207 matches found

OSV
OSV
added 2022/05/12 12:0 a.m.7 views

UBUNTU-CVE-2022-1552

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...

8.8CVSS7.2AI score0.12403EPSS
Exploits0References7
NVD
NVD
added 2022/05/05 4:15 p.m.19 views

CVE-2022-22434

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with physical access to create an API request modified to create additional objects. IBM X-Force ID: 224159...

4.6CVSS0.00233EPSS
Exploits0References2
CISA KEV Catalog
CISA KEV Catalog
added 2022/03/15 12:0 a.m.25 views

Microsoft Windows Universal Plug and Play (UPnP) Service Privilege Escalation Vulnerability

A privilege escalation vulnerability exists when the Windows UPnP service improperly allows COM object creation...

7.8CVSS4.4AI score0.2995EPSS
In wildExploits24
OSV
OSV
added 2022/03/02 11:15 p.m.2 views

ALPINE-CVE-2021-3677

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include...

6.5CVSS6.4AI score0.0142EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2022/02/22 12:0 a.m.36 views

RHEL 8 : ruby:2.6 (RHSA-2022:0581)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0581 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

9.3CVSS6.8AI score0.06811EPSS
Exploits7References31
RedHat Linux
RedHat Linux
added 2022/02/21 9:4 a.m.6 views

rubygem-json: Unsafe object creation vulnerability in JSON

A flaw was found in rubygem-json. While parsing certain JSON documents, the json gem including the one bundled with Ruby can be coerced into creating arbitrary objects in the target system. This is the same issue as CVE-2013-0269...

7.5CVSS7.2AI score0.06811EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/02/21 8:55 a.m.2 views

rubygem-json: Unsafe object creation vulnerability in JSON

A flaw was found in rubygem-json. While parsing certain JSON documents, the json gem including the one bundled with Ruby can be coerced into creating arbitrary objects in the target system. This is the same issue as CVE-2013-0269...

7.5CVSS7.2AI score0.06811EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/06/29 4:10 p.m.4 views

rubygem-json: Unsafe object creation vulnerability in JSON

A flaw was found in rubygem-json. While parsing certain JSON documents, the json gem including the one bundled with Ruby can be coerced into creating arbitrary objects in the target system. This is the same issue as CVE-2013-0269...

7.5CVSS7.2AI score0.06811EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/06/29 4:10 p.m.84 views

Moderate: Red Hat Security Advisory: ruby:2.6 security, bug fix, and enhancement update

An update for the ruby:2.6 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.1CVSS6.9AI score0.06811EPSS
Exploits2References12
AlmaLinux
AlmaLinux
added 2021/06/29 1:58 p.m.91 views

Moderate: ruby:2.5 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 2.5.9. BZ1952626 Security Fixes: ruby: NUL injection vulnerability of...

8.1CVSS8.1AI score0.06811EPSS
Exploits2References9
Tenable Nessus
Tenable Nessus
added 2021/06/29 12:0 a.m.64 views

RHEL 8 : ruby:2.6 (RHSA-2021:2588)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2588 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

8.1CVSS6.9AI score0.06811EPSS
Exploits2References23
Tenable Nessus
Tenable Nessus
added 2021/06/29 12:0 a.m.46 views

RHEL 8 : ruby:2.5 (RHSA-2021:2587)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2587 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

8.1CVSS6.8AI score0.06811EPSS
Exploits2References21
Tenable Nessus
Tenable Nessus
added 2021/06/29 12:0 a.m.47 views

CentOS 8 : ruby:2.5 (CESA-2021:2587)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:2587 advisory. - ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? CVE-2019-15845 - ruby: Regular expression denial of service vulnerability of...

8.1CVSS6.8AI score0.06811EPSS
Exploits2References9
Tenable Nessus
Tenable Nessus
added 2021/06/29 12:0 a.m.50 views

CentOS 8 : ruby:2.6 (CESA-2021:2588)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:2588 advisory. - ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? CVE-2019-15845 - ruby: Regular expression denial of service vulnerability of...

8.1CVSS6.9AI score0.06811EPSS
Exploits2References10
RedHat Linux
RedHat Linux
added 2021/06/03 11:21 a.m.1 views

rubygem-json: Unsafe object creation vulnerability in JSON

A flaw was found in rubygem-json. While parsing certain JSON documents, the json gem including the one bundled with Ruby can be coerced into creating arbitrary objects in the target system. This is the same issue as CVE-2013-0269...

7.5CVSS7.2AI score0.06811EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/05/26 7:41 a.m.2 views

rubygem-json: Unsafe object creation vulnerability in JSON

A flaw was found in rubygem-json. While parsing certain JSON documents, the json gem including the one bundled with Ruby can be coerced into creating arbitrary objects in the target system. This is the same issue as CVE-2013-0269...

7.5CVSS7.2AI score0.06811EPSS
Exploits0References5
Amazon
Amazon
added 2021/05/24 12:0 a.m.121 views

Medium: ruby

Issue Overview: The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, u...

7.5CVSS7.3AI score0.13911EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2021/05/06 10:48 a.m.4 views

postgresql: Multiple features escape "security restricted operation" sandbox

A flaw was found in postgresql. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

8.8CVSS7.4AI score0.4644EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2021/03/23 12:0 a.m.71 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Ruby vulnerabilities (USN-4882-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4882-1 advisory. It was discovered that the Ruby JSON gem incorrectly handled certain JSON files. If a user or automated system were tricked into...

7.5CVSS7.9AI score0.06811EPSS
Exploits1References4
Prion
Prion
added 2021/03/08 5:15 p.m.19 views

Design/Logic Flaw

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 non-authenticated user can remotely instantiate object of any class existing in the GLPI environment that can be used to...

5CVSS7.3AI score0.02252EPSS
Exploits4References3Affected Software1
Rows per page
Query Builder