
2173 matches found

Cvelist
added 2020/04/29 5:35 p.m. | 30 views

CVE-2020-11020 Authentication and extension bypass in Faye

Faye NPM, RubyGem versions greater than 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5, has the potential for authentication bypass in the extension system. The vulnerability allows any client to bypass checks put in place by server-side extensions, by appending extra segments to the message channel. It...

CVSS 8.5 | AI score 9.7 | EPSS 0.01534
Exploits: 1 | References: 2

Debian CVE
added 2020/04/29 5:35 p.m. | 18 views

CVE-2020-11020

Faye NPM, RubyGem versions greater than 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5, has the potential for authentication bypass in the extension system. The vulnerability allows any client to bypass checks put in place by server-side extensions, by appending extra segments to the message channel. It...

CVSS 9.8 | AI score 9.7 | EPSS 0.01534
Exploits: 1

Github Security Blog
added 2020/04/29 3:34 p.m. | 63 views

BSON rubygem contains potential denial of service

The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service worker resource consumption via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410...

CVSS 7.5 | AI score 6.9 | EPSS 0.06372
Exploits: 1 | References: 16 | Affected Software: 1

OSV
added 2020/04/29 3:34 p.m. | 25 views

GHSA-QH4W-7PW3-P4RP BSON rubygem contains potential denial of service

The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service worker resource consumption via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410...

CVSS 7.5 | AI score 7.1 | EPSS 0.06372
Exploits: 1 | References: 17

RubySec
added 2020/04/29 12:0 a.m. | 27 views

Potential denial of service in bson rubygem

The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service worker resource consumption via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410...

CVSS 7.5 | AI score 5.3 | EPSS 0.06372
Exploits: 2 | References: 1 | Affected Software: 1

Fedora
added 2020/04/27 4:47 a.m. | 30 views

[SECURITY] Fedora 31 Update: rubygem-rake-12.3.3-200.fc31

Rake is a Make-like program implemented in Ruby. Tasks and dependencies are specified in standard Ruby syntax...

CVSS 6.9 | AI score 2 | EPSS 0.01359
Exploits: 1

Fedora
added 2020/04/27 3:6 a.m. | 32 views

[SECURITY] Fedora 30 Update: rubygem-rake-12.3.3-200.fc30

Rake is a Make-like program implemented in Ruby. Tasks and dependencies are specified in standard Ruby syntax...

CVSS 6.9 | AI score 2 | EPSS 0.01359
Exploits: 1

Tenable Nessus
added 2020/04/27 12:0 a.m. | 23 views

Fedora 31 : rubygem-rake (2020-dc1ae17bb5)

A security flaw is found on rake which may cause arbitrary command execution under file existence with crafted name. This new rpm will fix the issue CVE-2020-8130 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenabl...

CVSS 6.9 | AI score 6.9 | EPSS 0.01359
Exploits: 1 | References: 2

Tenable Nessus
added 2020/04/27 12:0 a.m. | 25 views

Fedora 30 : rubygem-rake (2020-28e06b5f08)

A security flaw is found on rake which may cause arbitrary command execution under file existence with crafted name. This new rpm will fix the issue CVE-2020-8130 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenabl...

CVSS 6.9 | AI score 6.9 | EPSS 0.01359
Exploits: 1 | References: 2

RedhatCVE
added 2020/04/24 4:33 a.m. | 48 views

CVE-2020-10663

A flaw was found in rubygem-json. While parsing certain JSON documents, the json gem including the one bundled with Ruby can be coerced into creating arbitrary objects in the target system. This is the same issue as CVE-2013-0269. Mitigation To mitigate this vulnerability, do not supply untrusted...

CVSS 7.5 | AI score 2.3 | EPSS 0.13911
Exploits: 0 | References: 4

OSV
added 2020/04/22 12:41 p.m. | 7 views

SUSE-SU-2020:1066-1 Security update for ardana-ansible, ardana-barbican, ardana-db, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, documentation-suse-openstack-cloud, memcached, openstack-manila, openstack-neutron, openstack-nova, pdns, python-amqp, rubygem-puma, zookeeper

This update for ardana-ansible, ardana-barbican, ardana-db, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, documentation-suse-openstack-cloud, memcached, openstack-manila, openstack-neutron, openstack-nova, pdns, python-amqp...

CVSS 8.8 | AI score 8.1 | EPSS 0.73654
Exploits: 3 | References: 33

Snyk
added 2020/04/17 12:0 a.m. | 6 views

Malicious Package

Overview litaonewheel-beer-upperlip is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...

CVSS 8 | AI score 5.7
Exploits: 0 | References: 2

Snyk
added 2020/04/17 12:0 a.m. | 2 views

Malicious Package

Overview fontstack is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using fontstack...

CVSS 8 | AI score 6.9
Exploits: 0 | References: 2

OpenVAS
added 2020/04/12 12:0 a.m. | 29 views

Fedora: Security Advisory for rubygem-puma (FEDORA-2020-fd87f90634)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

AI score 6.8
Exploits: 0 | References: 2

OpenVAS
added 2020/04/12 12:0 a.m. | 38 views

Fedora: Security Advisory for rubygem-puma (FEDORA-2020-a3f26a9387)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

AI score 6.8
Exploits: 0 | References: 2

OpenVAS
added 2020/04/12 12:0 a.m. | 34 views

Fedora: Security Advisory for rubygem-puma (FEDORA-2020-08092b4c97)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

AI score 6.8
Exploits: 0 | References: 2

Tenable Nessus
added 2020/04/10 12:0 a.m. | 45 views

Fedora 31 : rubygem-puma (2020-fd87f90634)

Security fix for CVE-2020-5247, CVE-2020-5249 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C...

CVSS 7.5 | AI score 7.2 | EPSS 0.02487
Exploits: 0 | References: 3

Tenable Nessus
added 2020/04/10 12:0 a.m. | 47 views

Fedora 30 : rubygem-puma (2020-08092b4c97)

Security fix for CVE-2020-5247, CVE-2020-5249 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C...

CVSS 7.5 | AI score 7.2 | EPSS 0.02487
Exploits: 0 | References: 3

Fedora
added 2020/04/09 6:19 p.m. | 41 views

[SECURITY] Fedora 31 Update: rubygem-puma-3.12.4-1.fc31

A simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications...

CVSS 7.5 | AI score 0.1 | EPSS 0.02487
Exploits: 0

Fedora
added 2020/04/09 5:44 p.m. | 49 views

[SECURITY] Fedora 30 Update: rubygem-puma-3.12.4-1.fc30

A simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications...

CVSS 7.5 | AI score 0.1 | EPSS 0.02487
Exploits: 0