Lucene search
K

148 matches found

Debian
Debian
added 2013/12/04 9:28 p.m.39 views

[SECURITY] [DSA 2809-1] ruby1.8 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2809-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 04, 2013 http://www.debian.org/security/faq -...

6.8CVSS7.8AI score0.34968EPSS
Exploits3
OpenVAS
OpenVAS
added 2013/12/04 12:0 a.m.38 views

Debian Security Advisory DSA 2809-1 (ruby1.8 - several vulnerabilities)

Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-1821 Ben Murphy discovered that unrestricted entity expansion in REXML can lead to a Denial of Service by consuming a...

6.8CVSS0.4AI score0.34968EPSS
Exploits3References1
Tenable Nessus
Tenable Nessus
added 2013/12/04 12:0 a.m.45 views

Scientific Linux Security Update : php on SL6.x i386/x86_64 (20131121)

It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. CVE-2006-7243 A flaw was found in PHP's SSL client's hostname identity...

5CVSS8.3AI score0.10136EPSS
Exploits2References4
OSV
OSV
added 2013/12/04 12:0 a.m.38 views

DSA-2809-1 ruby1.8 - several

Bulletin has no description...

6.8CVSS5.6AI score0.34968EPSS
Exploits3
RedHat Linux
RedHat Linux
added 2013/11/20 4:38 p.m.59 views

Moderate: Red Hat Security Advisory: php security, bug fix, and enhancement update

Updated php packages that fix three security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which giv...

5CVSS7.3AI score0.10136EPSS
Exploits2References6
Tenable Nessus
Tenable Nessus
added 2013/10/01 12:0 a.m.66 views

RHEL 5 : php53 (RHSA-2013:1307)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:1307 advisory. - php: paths with NULL character were considered valid CVE-2006-7243 - PHP: sapiheaderop %0D sequence handling security bypass CVE-2011-1398...

10CVSS7.9AI score0.10467EPSS
Exploits5References23
OpenVAS
OpenVAS
added 2013/09/23 12:0 a.m.25 views

Debian: Security Advisory (DSA-2763-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS6.7AI score0.01197EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2013/08/20 12:0 a.m.35 views

Debian DSA-2738-1 : ruby1.9.1 - several vulnerabilities

Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2013-1821 Ben Murphy discovered that unrestricted enti...

6.8CVSS7.9AI score0.06671EPSS
Exploits0References8
OpenVAS
OpenVAS
added 2013/08/18 12:0 a.m.34 views

Debian Security Advisory DSA 2738-1 (ruby1.9.1 - several vulnerabilities)

Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-1821 Ben Murphy discovered that unrestricted entity...

6.8CVSS0.1AI score0.06671EPSS
Exploits0References1
OSV
OSV
added 2013/08/18 12:0 a.m.31 views

DSA-2738-1 ruby1.9.1 - several

Bulletin has no description...

6.8CVSS6.3AI score0.06671EPSS
Exploits0
OpenVAS
OpenVAS
added 2013/08/01 12:0 a.m.28 views

CentOS Update for ruby CESA-2013:1090 centos5

Check for the Version of ruby OpenVAS Vulnerability Test CentOS Update for ruby CESA-2013:1090 centos5 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

6.8CVSS6.1AI score0.02767EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2013/07/28 12:0 a.m.30 views

Mandriva Linux Security Advisory : ruby (MDVSA-2013:201)

A vulnerability has been discovered and corrected in ruby : A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers...

6.8CVSS7.6AI score0.02767EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.44 views

FreeBSD : ruby -- Hostname check bypassing vulnerability in SSL client (ebd877b9-7ef4-4375-b1fd-c67780581898)

Ruby Developers report : Ruby's SSL client implements hostname identity check but it does not properly handle hostnames in the certificate that contain null bytes. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the...

6.8CVSS8AI score0.02767EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.29 views

Fedora 18 : ruby-1.9.3.448-31.fc18 (2013-12123)

A vulnerability was found in Ruby's SSL client that could allow man-in-the-middle attackers to spoof SSL servers via valid certificate issued by a trusted certification authority. This vulnerability has been assigned the CVE identifier CVE-2013-4073. This new update should solve this issue. Note...

6.8CVSS7.7AI score0.02767EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.29 views

Fedora 17 : ruby-1.9.3.448-31.fc17 (2013-12062)

A vulnerability was found in Ruby's SSL client that could allow man-in-the-middle attackers to spoof SSL servers via valid certificate issued by a trusted certification authority. This vulnerability has been assigned the CVE identifier CVE-2013-4073. This new update should solve this issue. Note...

6.8CVSS7.7AI score0.02767EPSS
Exploits0References3
securityvulns
securityvulns
added 2013/07/01 12:0 a.m.70 views

[slackware-security] ruby (SSA:2013-178-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security ruby SSA:2013-178-01 New ruby packages are available for Slackware 13.1, 13.37, 14.0, and -current to fix a security issue. Here are the details from the Slackware 14.0 ChangeLog: +--------------------------+...

6.8CVSS5.8AI score0.02767EPSS
Exploits0
ThreatPost
ThreatPost
added 2013/06/27 12:4 p.m.36 views

OpenSSL Man-in-the-middle flaw fixed in Ruby

The maintainers of Ruby have fixed a serious flaw in its SSL client that could have allowed an attacker to conduct man-in-the-middle attacks by spoofing an SSL server. The vulnerability lies in the OpenSSL toolkit that’s built in to Ruby and is present in several versions of the software from 1.8...

6.8CVSS4.3AI score0.02767EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2013/06/27 12:0 a.m.35 views

ruby -- Hostname check bypassing vulnerability in SSL client

Ruby Developers report: Ruby's SSL client implements hostname identity check but it does not properly handle hostnames in the certificate that contain null bytes...

6.8CVSS6.4AI score0.02767EPSS
Exploits0References1
RubySec
RubySec
added 2013/06/27 12:0 a.m.45 views

CVE-2013-4073 ruby: hostname check bypassing vulnerability in SSL client

The OpenSSL::SSL.verifycertificateidentity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows...

6.8CVSS8.5AI score0.02767EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2013/05/02 12:0 a.m.19 views

DSA-2664-1 stunnel4 - buffer overflow

Bulletin has no description...

6.6CVSS6.3AI score0.02932EPSS
Exploits0
Rows per page
Query Builder