183 matches found

CNVD
added 2015/05/07 12:0 a.m. | 1 view

Ruby Certificate Validation Vulnerability

Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Japanese software developer Yukihiro Matsumoto. Ruby has a security vulnerability because the program fails to properly validate the domain name of a certificate. An attacker can exploit this...

5.9 CVSS | 6.8 AI score | 0.02815 EPSS
Exploits: 0 | References: 1

OSV
added 2015/05/02 12:0 a.m. | 35 views

DSA-3246-1 ruby1.9.1 - security update

Bulletin has no description...

5.9 CVSS | 6 AI score | 0.02815 EPSS
Exploits: 0

OSV
added 2015/05/02 12:0 a.m. | 30 views

DSA-3247-1 ruby2.1 - security update

Bulletin has no description...

5.9 CVSS | 6 AI score | 0.02815 EPSS
Exploits: 0

Debian
added 2015/02/10 5:49 p.m. | 28 views

[SECURITY] [DSA 3159-1] ruby1.8 security update

Debian Security Advisory DSA-3159-1 [email protected] http://www.debian.org/security/ Alessandro Ghedini February 10, 2015 http://www.debian.org/security/faq -...

5 CVSS | 6 AI score | 0.05555 EPSS
Exploits: 2

OSV
added 2015/02/10 12:0 a.m. | 31 views

DSA-3159-1 ruby1.8 - security update

Bulletin has no description...

5 CVSS | 6.4 AI score | 0.05555 EPSS
Exploits: 2

OpenVAS
added 2015/02/09 12:0 a.m. | 38 views

Debian Security Advisory DSA 3157-1 (ruby1.9.1 - security update)

Multiple vulnerabilities were discovered in the interpreter for the Ruby language: CVE-2014-4975: The encodes function in pack.c had an off-by-one error that could lead to a stack-based buffer overflow. This could allow remote attackers to cause a denial of service (crash) or arbitrary code executio...

5 CVSS | 0.3 AI score | 0.05555 EPSS
Exploits: 2 | References: 1

Fedora
added 2014/11/01 5:7 p.m. | 12 views

[SECURITY] Fedora 21 Update: rubygem-httpclient-2.4.0-2.fc21

an interface to HTTP Client for the ruby language...

0.4 AI score
Exploits: 0

Fedora
added 2014/10/28 6:46 a.m. | 10 views

[SECURITY] Fedora 20 Update: rubygem-httpclient-2.4.0-2.fc20

an interface to HTTP Client for the ruby language...

0.4 AI score
Exploits: 0

Fedora
added 2014/10/28 6:45 a.m. | 11 views

[SECURITY] Fedora 19 Update: rubygem-httpclient-2.4.0-2.fc19

an interface to HTTP Client for the ruby language...

0.4 AI score
Exploits: 0

OpenVAS
added 2013/08/18 12:0 a.m. | 33 views

Debian Security Advisory DSA 2738-1 (ruby1.9.1 - several vulnerabilities)

Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-1821 Ben Murphy discovered that unrestricted entity...

6.8 CVSS | 0.1 AI score | 0.06617 EPSS
Exploits: 0 | References: 1

OSV
added 2013/08/18 12:0 a.m. | 28 views

DSA-2738-1 ruby1.9.1 - several

Bulletin has no description...

6.8 CVSS | 6.3 AI score | 0.06617 EPSS
Exploits: 0

OpenVAS
added 2013/08/17 12:0 a.m. | 34 views

Debian: Security Advisory (DSA-2738-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8 CVSS | 9.6 AI score | 0.06617 EPSS
Exploits: 0 | References: 3

OSV
added 2013/04/25 11:55 p.m. | 4 views

DEBIAN-CVE-2013-0233

Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass...

6.8 CVSS | 6.8 AI score | 0.14126 EPSS
Exploits: 3 | References: 1

RedHat Linux
added 2013/04/09 6:8 p.m. | 40 views

Moderate: Red Hat Security Advisory: rubygem packages security update

This update fixes one security issue in multiple rubygem packages for Red Hat OpenShift Enterprise 1.1.3. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

4.3 CVSS | 7.5 AI score | 0.03592 EPSS
Exploits: 0 | References: 2

seebug.org
added 2013/01/05 12:0 a.m. | 63 views

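Ruby on Rails Active Record Component SQL Injection Vulnerability (CVE-2012-6496)

CVE ID: CVE-2012-6496. Ruby on Rails is a web application framework built on the Ruby language. The Ruby on Rails Active Record component has a SQL injection vulnerability that allows attackers to use the "findby" method to carry out SQL injection attacks, which can expose sensitive information or give control of the application system. Ruby on Rails 3.0.x, Ruby on Rails 3.1.x, Ruby on Rails 3.2.x. Vendor solution: Ruby on Rails 3.0.18, 3.1.9 and 3.2.10 fix this vulnerability; users are advised to download and use them: http://www.ruby-lang.org...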

7.5 CVSS | 0.4 AI score | 0.04422 EPSS
Exploits: 2

seebug.org
added 2012/12/28 12:0 a.m. | 43 views

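Ruby on Rails Authlogic gem SQL Injection Vulnerability

CVE ID: CVE-2012-5664. Ruby on Rails is a web application framework built on the Ruby language. The AuthLogic gem implementation has a SQL injection vulnerability: if a Ruby on Rails application uses the AuthLogic gem for authentication and the attacker has access to the Rails application's private key, security restrictions can be bypassed to gain unauthorized access. Ruby on Rails. Vendor patch: Ruby on Rails: no detailed solution is currently available: http://rubygems.org/gems/authlogic...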

0.5 AI score
Exploits: 2

seebug.org
added 2012/03/06 12:0 a.m. | 23 views

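Ruby on Rails Multiple Cross-Site Scripting Vulnerabilities

BUGTRAQ ID: 52264. Ruby on Rails, abbreviated RoR or Rails, is an open-source web application framework written in the Ruby language that strictly follows the MVC structure. Input passed through direct manipulation of SafeBuffer is not properly filtered, and certain input passed through manually generated select tags is not properly filtered, which allows arbitrary HTML and script code to execute in the user's browser. Ruby on Rails 3.2.x, Ruby on Rails 3.1.x, Ruby on Rails 3.0.x. Vendor patch: Ruby: the vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://www.ruby-lang.org/...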

6.9 AI score
Exploits: 0

Cent OS
added 2012/01/30 6:44 p.m. | 74 views

irb, ruby security update

CentOS Errata and Security Advisory CESA-2012:0070 Updated ruby packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base...

7.8 CVSS | 7.1 AI score | 0.04246 EPSS
Exploits: 2 | References: 7

OpenVAS
added 2011/08/18 12:0 a.m. | 28 views

CentOS Update for irb CESA-2011:0908 centos4 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

7.5 CVSS | 6.2 AI score | 0.15973 EPSS
Exploits: 4 | References: 2

seebug.org
added 2011/04/08 12:0 a.m. | 53 views

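Ruby on Rails Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities

BUGTRAQ ID: 46291 CVE ID: CVE-2011-0446, CVE-2011-0447. Ruby on Rails, abbreviated RoR or Rails, is an open-source web application framework written in the Ruby language that strictly follows the MVC structure. The Ruby on Rails implementation has cross-site scripting and cross-site request forgery vulnerabilities; attackers can use the cross-site scripting vulnerability to execute arbitrary script code in affected browsers and steal cookie authentication credentials. Ruby on Rails Ruby on Rails 3.x, Ruby on Rails Ruby on Rails 2.x, Ruby on Rails Ruby on Rails 1.x. Vendor patch...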

6.8 CVSS | 0.1 AI score | 0.0235 EPSS
Exploits: 1