2173 matches found
CVE-2020-11020 Authentication and extension bypass in Faye
Faye NPM, RubyGem versions greater than 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5, has the potential for authentication bypass in the extension system. The vulnerability allows any client to bypass checks put in place by server-side extensions, by appending extra segments to the message channel. It...
CVE-2020-11020
Faye NPM, RubyGem versions greater than 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5, has the potential for authentication bypass in the extension system. The vulnerability allows any client to bypass checks put in place by server-side extensions, by appending extra segments to the message channel. It...
BSON rubygem contains potential denial of service
The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410...
GHSA-QH4W-7PW3-P4RP BSON rubygem contains potential denial of service
The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410...
Potential denial of service in bson rubygem
The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410...
[SECURITY] Fedora 31 Update: rubygem-rake-12.3.3-200.fc31
Rake is a Make-like program implemented in Ruby. Tasks and dependencies are specified in standard Ruby syntax...
[SECURITY] Fedora 30 Update: rubygem-rake-12.3.3-200.fc30
Rake is a Make-like program implemented in Ruby. Tasks and dependencies are specified in standard Ruby syntax...
Fedora 31 : rubygem-rake (2020-dc1ae17bb5)
A security flaw is found on rake which may cause arbitrary command execution under file existence with crafted name. This new rpm will fix the issue CVE-2020-8130 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenabl...
Fedora 30 : rubygem-rake (2020-28e06b5f08)
A security flaw is found on rake which may cause arbitrary command execution under file existence with crafted name. This new rpm will fix the issue CVE-2020-8130 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenabl...
CVE-2020-10663
A flaw was found in rubygem-json. While parsing certain JSON documents, the json gem including the one bundled with Ruby can be coerced into creating arbitrary objects in the target system. This is the same issue as CVE-2013-0269. Mitigation To mitigate this vulnerability, do not supply untrusted...
SUSE-SU-2020:1066-1 Security update for ardana-ansible, ardana-barbican, ardana-db, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, documentation-suse-openstack-cloud, memcached, openstack-manila, openstack-neutron, openstack-nova, pdns, python-amqp, rubygem-puma, zookeeper
This update for ardana-ansible, ardana-barbican, ardana-db, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, documentation-suse-openstack-cloud, memcached, openstack-manila, openstack-neutron, openstack-nova, pdns, python-amqp...
Malicious Package
Overview litaonewheel-beer-upperlip is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...
Malicious Package
Overview fontstack is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using fontstack...
Fedora: Security Advisory for rubygem-puma (FEDORA-2020-fd87f90634)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for rubygem-puma (FEDORA-2020-a3f26a9387)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for rubygem-puma (FEDORA-2020-08092b4c97)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 31 : rubygem-puma (2020-fd87f90634)
Security fix for CVE-2020-5247, CVE-2020-5249 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C...
Fedora 30 : rubygem-puma (2020-08092b4c97)
Security fix for CVE-2020-5247, CVE-2020-5249 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C...
[SECURITY] Fedora 31 Update: rubygem-puma-3.12.4-1.fc31
A simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications...
[SECURITY] Fedora 30 Update: rubygem-puma-3.12.4-1.fc30
A simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications...