
191 matches found

BDU FSTEC
added 2019/02/07 12:0 a.m., 4 views

The vulnerability in the implementation of Net::FTP commands in the Ruby programming language allows attackers to execute arbitrary commands.

The vulnerability of Net::FTP commands in the Ruby programming language is related to an input filtering error. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands when opening local files using Net::FTPget, Net::FTPgetbinaryfile, Net::FTPgettextfile, Net::FTPput,...

9.3 CVSS, 7.5 AI score, 0.73927 EPSS
Exploits: 5, References: 5, Affected Software: 1
Tenable Nessus
added 2018/11/05 12:0 a.m., 36 views

Debian DSA-4332-1 : ruby2.3 - security update

Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2018-16395 Tyler Eckstein reported that the equality check of OpenSSL::X509::Name could return true for non-equal...

9.8 CVSS, 7 AI score, 0.10715 EPSS
Exploits: 0, References: 7
BDU FSTEC
added 2018/08/21 12:0 a.m., 8 views

The vulnerability of the active-support gem for the Ruby programming language, which allows a hacker to execute arbitrary code.

The vulnerability of the active-support gem for the Ruby programming language is related to the use of hidden malicious code. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10 CVSS, 5.9 AI score, 0.06129 EPSS
Exploits: 1, References: 3, Affected Software: 1
OpenVAS
added 2018/07/30 12:0 a.m., 68 views

Debian: Security Advisory (DSA-4259-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS, 7.8 AI score, 0.73927 EPSS
Exploits: 6, References: 4
Tenable Nessus
added 2018/07/16 12:0 a.m., 242 views

Debian DLA-1421-1 : ruby2.1 security update

Multiple vulnerabilities were found in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following issues : CVE-2015-9096 SMTP command injection in Net::SMTP via CRLF sequences in a RCPT TO or MAIL FROM command. CVE-2016-2339 Exploitable heap...

9.8 CVSS, 7.9 AI score, 0.73927 EPSS
Exploits: 18, References: 27
IBM Security Bulletins
added 2018/06/16 9:16 p.m., 30 views

Security Bulletin: IBM Security Network Protection System can be affected by vulnerabilities in Ruby on Rails and the Ruby language (CVE-2013-4492, CVE-2013-4164)

Summary IBM Security Network Protection System can be affected by vulnerabilities in Ruby on Rails and the Ruby language. These vulnerabilities include obtaining sensitive information, executing arbitrary code on the system or causing the application to crash. Vulnerability Details VULNERABILITY...

6.8 CVSS, 0.9 AI score, 0.34968 EPSS
Exploits: 3, Affected Software: 1
RedHat Linux
added 2018/05/03 5:6 a.m., 5 views

oniguruma: Invalid pointer dereference in left_adjust_char_head()

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer...

7.5 CVSS, 7.2 AI score, 0.05129 EPSS
Exploits: 1, References: 4
Tenable Nessus
added 2018/04/24 12:0 a.m., 80 views

Debian DLA-1358-1 : ruby1.9.1 security update

Multiple vulnerabilities were found in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following issues : CVE-2017-17742 Aaron Patterson reported that WEBrick bundled with Ruby was vulnerable to an HTTP response splitting vulnerability. It wa...

9.8 CVSS, 6.9 AI score, 0.10552 EPSS
Exploits: 0, References: 12
OpenVAS
added 2018/04/24 12:0 a.m., 50 views

Debian: Security Advisory (DLA-1358-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS, 7.3 AI score, 0.10552 EPSS
Exploits: 0, References: 3
OpenVAS
added 2018/04/24 12:0 a.m., 41 views

Debian: Security Advisory (DLA-1359-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1 CVSS, 7.2 AI score, 0.10552 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2018/04/24 12:0 a.m., 47 views

Debian DLA-1359-1 : ruby1.8 security update

Multiple vulnerabilities were found in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following issues : CVE-2017-17742 Aaron Patterson reported that WEBrick bundled with Ruby was vulnerable to an HTTP response splitting vulnerability. It wa...

9.1 CVSS, 6.9 AI score, 0.10552 EPSS
Exploits: 0, References: 8
Debian
added 2018/04/23 9:51 a.m., 42 views

[SECURITY] [DLA 1359-1] ruby1.8 security update

Package : ruby1.8 Version : 1.8.7.358-7.1+deb7u6 CVE ID : CVE-2017-17742 CVE-2018-6914 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 Multiple vulnerabilities were found in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following...

9.1 CVSS, 7 AI score, 0.10552 EPSS
Exploits: 0
Prion
added 2018/04/03 10:29 p.m., 19 views

Design/Logic Flaw

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket...

5 CVSS, 8.3 AI score, 0.07169 EPSS
Exploits: 0, References: 17, Affected Software: 3
RedHat Linux
added 2018/03/26 10:20 a.m., 59 views

Important: Red Hat Security Advisory: rh-ruby23-ruby security, bug fix, and enhancement update

An update for rh-ruby23-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

9.8 CVSS, 7.2 AI score, 0.73927 EPSS
Exploits: 14, References: 13
OpenVAS
added 2018/03/14 12:0 a.m., 64 views

CentOS Update for ruby CESA-2018:0378 centos7

Check the version of ruby SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882847";...

9.8 CVSS, 9.2 AI score, 0.73927 EPSS
Exploits: 14, References: 2
CNVD
added 2017/12/20 12:0 a.m., 2 views

Ruby 'lazy_initialize' function command injection vulnerability

Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Japanese software developer Yukihiro Matsumoto. A command injection vulnerability exists in the 'lazy_initialize' function in the lib/resolv.rb file in Ruby 2.4.3 and earlier versions. An attacker can...

9.8 CVSS, 7.6 AI score, 0.05913 EPSS
Exploits: 1, References: 1
OSV
added 2017/12/17 9:29 p.m., 3 views

DEBIAN-CVE-2017-17718

The Net::LDAP aka net-ldap gem before 0.16.0 for Ruby has Missing SSL Certificate Validation...

5.9 CVSS, 7 AI score, 0.01348 EPSS
Exploits: 0, References: 1
Debian
added 2017/11/11 2:46 p.m., 32 views

[SECURITY] [DSA 4031-1] ruby2.3 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4031-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 11, 2017 https://www.debian.org/security/faq -...

9.3 CVSS, 1.8 AI score, 0.16412 EPSS
Exploits: 2
Debian
added 2017/11/11 2:46 p.m., 46 views

[SECURITY] [DSA 4031-1] ruby2.3 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4031-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 11, 2017 https://www.debian.org/security/faq -...

9.8 CVSS, 10 AI score, 0.16412 EPSS
Exploits: 2
CNVD
added 2017/09/07 12:0 a.m., 2 views

Ruby URI.decode_www_form_component Method Denial of Service Vulnerability

Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Japanese software developer Yukihiro Matsumoto. A security vulnerability exists in the URI.decode_www_form_component method in Ruby versions prior to 1.9.2-p330. A remote attacker can exploit this...

7.5 CVSS, 7.5 AI score, 0.04128 EPSS
Exploits: 0, References: 1