Lucene search

2169 matches found

Cvelist
added 2018/03/13 3:0 p.m. | 25 views

CVE-2018-1000074

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code...

AI score: 8.8 | EPSS: 0.00535
Exploits: 0 | References: 18

Cvelist
added 2018/03/13 3:0 p.m. | 19 views

CVE-2018-1000073

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in...

AI score: 8.6 | EPSS: 0.01057
Exploits: 0 | References: 14

CVE
added 2018/03/13 3:0 p.m. | 235 views

CVE-2018-1000078

CVE-2018-1000078 describes a Cross Site Scripting (XSS) vulnerability in RubyGems: gem server displays the homepage attribute and can execute injected scripts if a victim browses a malicious gem. Affected RubyGems before 2.7.6 (versions in the 2.x line) are vulnerable; the issue has been fixed in...

CVSS: 6.1 | AI score: 7.2 | EPSS: 0.00823
Exploits: 0 | References: 18 | Affected Software: 1

Cvelist
added 2018/03/13 3:0 p.m. | 20 views

CVE-2018-1000077

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an Improper Input Validation vulnerability in ruby gems specification homepage attribute that can...

AI score: 7.4 | EPSS: 0.01066
Exploits: 0 | References: 18

Cvelist
added 2018/03/13 3:0 p.m. | 16 views

CVE-2018-1000075

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an infinite loop caused by negative size vulnerability in ruby gem package tar header that can...

AI score: 8.6 | EPSS: 0.0176
Exploits: 0 | References: 18

Cvelist
added 2018/03/13 3:0 p.m. | 22 views

CVE-2018-1000078

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can...

AI score: 7.5 | EPSS: 0.00823
Exploits: 0 | References: 18

CVE
added 2018/03/13 3:0 p.m. | 217 views

CVE-2018-1000075

CVE-2018-1000075 affects RubyGems: a negative-size condition in the ruby gem package tar header can cause an infinite loop. Affected ranges include RubyGems in the 2.2, 2.3, 2.4, and 2.5 series (e.g., 2.2.9 and earlier; 2.3.6 and earlier; 2.4.3 and earlier; 2.5.0 and earlier) up to trunk revision...

CVSS: 7.5 | AI score: 8.4 | EPSS: 0.0176
Exploits: 0 | References: 18 | Affected Software: 1

Debian CVE
added 2018/03/13 3:0 p.m. | 35 views

CVE-2018-1000078

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can...

CVSS: 6.1 | AI score: 8 | EPSS: 0.00823
Exploits: 0

Debian CVE
added 2018/03/13 3:0 p.m. | 28 views

CVE-2018-1000075

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an infinite loop caused by negative size vulnerability in ruby gem package tar header that can...

CVSS: 7.5 | AI score: 8.9 | EPSS: 0.0176
Exploits: 0

CVE
added 2018/03/13 3:0 p.m. | 245 views

CVE-2018-1000076

CVE-2018-1000076 (RubyGems) describes an Improper Verification of Cryptographic Signature vulnerability in package.rb that could allow installation of a mis-signed gem because the tarball could contain multiple gem signatures. Affected versions include RubyGems in Ruby 2.2.x, 2.3.x, 2.4.x, and 2....

CVSS: 9.8 | AI score: 8.4 | EPSS: 0.00929
Exploits: 0 | References: 18 | Affected Software: 1

CVE
added 2018/03/13 3:0 p.m. | 236 views

CVE-2018-1000074

CVE-2018-1000074 is a Deserialization of Untrusted Data vulnerability in the RubyGems owner command. The available documents specify that RubyGems versions in the Ruby 2.2–2.5 series (and affected trunk revision prior to 62422) contain a flaw where providing a specially crafted YAML file and runn...

CVSS: 7.8 | AI score: 8.7 | EPSS: 0.00535
Exploits: 0 | References: 18 | Affected Software: 1

CVE
added 2018/03/13 3:0 p.m. | 203 views

CVE-2018-1000079

CVE-2018-1000079 is a path traversal vulnerability in RubyGems during gem installation. The issue allows writing to arbitrary filesystem locations via the gem installation process when a malicious gem is installed, potentially leading to arbitrary code execution or file tampering on systems with ...

CVSS: 5.5 | AI score: 7.2 | EPSS: 0.00316
Exploits: 0 | References: 15 | Affected Software: 1

Debian CVE
added 2018/03/13 3:0 p.m. | 22 views

CVE-2018-1000079

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to...

CVSS: 5.5 | AI score: 8 | EPSS: 0.00316
Exploits: 0

UbuntuCve
added 2018/03/13 12:0 a.m. | 24 views

CVE-2018-1000079

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to...

CVSS: 5.5 | AI score: 6.8 | EPSS: 0.00316
Exploits: 0 | References: 5

UbuntuCve
added 2018/03/13 12:0 a.m. | 29 views

CVE-2018-1000078

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can...

CVSS: 6.1 | AI score: 6.8 | EPSS: 0.00823
Exploits: 0 | References: 4

OSV
added 2018/03/13 12:0 a.m. | 0 views

UBUNTU-CVE-2018-1000075

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an infinite loop caused by negative size vulnerability in ruby gem package tar header that can...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.0176
Exploits: 0 | References: 5

UbuntuCve
added 2018/03/13 12:0 a.m. | 27 views

CVE-2018-1000077

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an Improper Input Validation vulnerability in ruby gems specification homepage attribute that can...

CVSS: 5.3 | AI score: 6.8 | EPSS: 0.01066
Exploits: 0 | References: 4

UbuntuCve
added 2018/03/13 12:0 a.m. | 18 views

CVE-2018-1000074

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code...

CVSS: 7.8 | AI score: 7 | EPSS: 0.00535
Exploits: 0 | References: 6

UbuntuCve
added 2018/03/13 12:0 a.m. | 27 views

CVE-2018-1000076

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.00929
Exploits: 0 | References: 4

UbuntuCve
added 2018/03/13 12:0 a.m. | 29 views

CVE-2018-1000073

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.01057
Exploits: 0 | References: 4