183 matches found
Rails Denial of Service Vulnerability
Rails is an open source web application framework, based on the Ruby language, developed by the Rails team. A denial of service vulnerability exists in Rails versions prior to 6.0.3.2. An attacker can exploit this vulnerability to run any pending migration on a Rails application running in a production...
The vulnerability of the JSON extension of the Ruby programming language interpreter allows attackers to compromise data integrity.
The vulnerability of the JSON extension of the Ruby programming language interpreter involves insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to compromise the integrity of data...
Denial Of Service (DoS)
WebKitGTK+ is vulnerable to denial of service (DoS). The attack is possible because it does not properly support the Ruby language, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vector...
metasploit-framework
This is the Metasploit Framework repository, a comprehensive collection of exploit modules and tools for penetration testing and vulnerability assessment. The framework is written in Ruby and provides a wide range of features for discovering and exploiting vulnerabilities in various systems and...
The vulnerability of the WEBrick library for the Ruby programming language allows attackers to trigger a service failure.
The vulnerability of the WEBrick library for the Ruby programming language is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures by using specially crafted HTTP requests...
metasploit-framework
This is an offensive tool for Metasploit Framework. The Metasploit Framework is a penetration testing platform that provides a comprehensive set of tools for discovering, exploiting, and analyzing vulnerabilities in computer systems. It is widely used by security researchers and penetration teste...
The vulnerability of the Ruby interpreter’s methods Dir.open, Dir.new, Dir.entries, and Dir.empty allows attackers to gain unauthorized access to protected data or compromise the integrity of protected information.
The vulnerability of the Dir.open, Dir.new, Dir.entries, and Dir.empty methods in the Ruby programming language exists due to incorrect path name restrictions for restricted-access directories. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected data or...
metasploit-framework
This is an exploit module for the Metasploit Framework, a penetration testing tool. The module is designed to target a vulnerability in a specific product or service, but the exact target is not specified in the provided context. The module is likely intended to be used by penetration testers and...
The vulnerability of the Rack module in the Ruby programming language allows attackers to compromise data integrity.
The vulnerability of the Rack module in the Ruby programming language is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability can allow an attacker to compromise the integrity of data...
metasploit-framework
This is an offensive tool for the Metasploit Framework. The Metasploit Framework is a penetration testing platform that provides a comprehensive set of tools for identifying and exploiting vulnerabilities in computer systems. It is a widely used tool in the field of penetration testing and red...
Important: Red Hat Security Advisory: rh-ruby23-ruby security update
An update for rh-ruby23-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabili...
Important: Red Hat Security Advisory: rh-ruby25-ruby security, bug fix, and enhancement update
An update for rh-ruby25-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabili...
The vulnerability in the implementation of Net::FTP commands in the Ruby programming language allows attackers to execute arbitrary commands.
The vulnerability of Net::FTP commands in the Ruby programming language is related to an input filtering error. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands when opening local files using Net::FTP#get, Net::FTP#getbinaryfile, Net::FTP#gettextfile, Net::FTP#put,...
Debian DSA-4332-1 : ruby2.3 - security update
Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-16395: Tyler Eckstein reported that the equality check of OpenSSL::X509::Name could return true for non-equal...
The vulnerability of the active-support gem for the Ruby programming language allows a hacker to execute arbitrary code.
The vulnerability of the active-support gem for the Ruby programming language is related to the use of hidden malicious code. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Debian: Security Advisory (DSA-4259-1)
The remote host is missing an update for the Debian...
Debian DLA-1421-1 : ruby2.1 security update
Multiple vulnerabilities were found in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-9096: SMTP command injection in Net::SMTP via CRLF sequences in a RCPT TO or MAIL FROM command. CVE-2016-2339: Exploitable heap...
Security Bulletin: IBM Security Network Protection System can be affected by vulnerabilities in Ruby on Rails and the Ruby language (CVE-2013-4492, CVE-2013-4164)
Summary: IBM Security Network Protection System can be affected by vulnerabilities in Ruby on Rails and the Ruby language. These vulnerabilities include obtaining sensitive information, executing arbitrary code on the system or causing the application to crash. Vulnerability Details: VULNERABILITY...
oniguruma: Invalid pointer dereference in left_adjust_char_head()
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer...
Debian DLA-1359-1 : ruby1.8 security update
Multiple vulnerabilities were found in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-17742: Aaron Patterson reported that WEBrick bundled with Ruby was vulnerable to an HTTP response splitting vulnerability. It wa...