13 matches found
MiracleLinux 7 : ruby-2.0.0.648-33.0.1.el7.AXS7 (AXSA:2018-2583:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-2583:01 advisory. It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploi...
RHEL 6 / 7 : rh-ruby23-ruby (RHSA-2018:0585)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0585 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
CLSA-2022-1643727489 Fix of CVE: CVE-2021-23840, CVE-2021-3712, CVE-2021-23841
CVE-2021-3712: openssl: Read buffer overruns processing ASN.1 strings - CVE-2021-23840: openssl: integer overflow in CipherUpdate - CVE-2021-23841: openssl: NULL pointer dereference in X509issuerandserialhash...
EulerOS Virtualization for ARM 64 3.0.1.0 : ruby (EulerOS-SA-2019-1407)
According to the versions of the ruby packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A...
Important: Red Hat Security Advisory: rh-ruby23-ruby security, bug fix, and enhancement update
An update for rh-ruby23-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...
EulerOS 2.0 SP2 : ruby (EulerOS-SA-2018-1067)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could...
EulerOS 2.0 SP1 : ruby (EulerOS-SA-2018-1066)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could...
Scientific Linux Security Update : ruby on SL7.x x86_64 (20180228)
Security Fixes : - It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into...
RHEL 7 : ruby (RHSA-2018:0378)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0378 advisory. - ruby: Buffer underrun vulnerability in Kernel.sprintf CVE-2017-0898 - rubygems: Escape sequence in the summary field of gemspec...
Important: Red Hat Security Advisory: ruby security update
An update for ruby is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
ruby: Buffer underrun in OpenSSL ASN1 decode
It was found that the decode method of the OpenSSL::ASN1 module was vulnerable to buffer underrun. An attacker could pass a specially crafted string to the application in order to crash the ruby interpreter, causing a denial of service...
FreeBSD : ruby -- multiple vulnerabilities (95b01379-9d52-11e7-a25c-471bafc3262f)
Ruby blog : CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf If a malicious format string which contains a precious specifier is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such situation, the result may contains heap, or the Ruby...
ALPINE-CVE-2017-14033
The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service interpreter crash via a crafted string...