Lucene search
K

146 matches found

OSV
OSV
added 2020/06/09 9:16 a.m.29 views

SUSE-SU-2020:1570-1 Security update for ruby2.1

This update for ruby2.1 fixes the following issues: Security issues fixed: - CVE-2015-9096: Fixed an SMTP command injection via CRLFsequences in a RCPT TO or MAIL FROM command bsc1043983. - CVE-2016-7798: Fixed an IV Reuse in GCM Mode bsc1055265. - CVE-2017-0898: Fixed a buffer underrun...

9.8CVSS9.1AI score0.73927EPSS
Exploits22References83
NVD
NVD
added 2020/05/06 5:15 p.m.28 views

CVE-2020-3283

A vulnerability in the Secure Sockets Layer SSL/Transport Layer Security TLS handler of Cisco Firepower Threat Defense FTD Software when running on the Cisco Firepower 1000 Series platform could allow an unauthenticated, remote attacker to trigger a denial of service DoS condition on an affected...

8.6CVSS8.5AI score0.01956EPSS
Exploits0References1
OSV
OSV
added 2020/05/06 5:15 p.m.4 views

CVE-2020-3283

A vulnerability in the Secure Sockets Layer SSL/Transport Layer Security TLS handler of Cisco Firepower Threat Defense FTD Software when running on the Cisco Firepower 1000 Series platform could allow an unauthenticated, remote attacker to trigger a denial of service DoS condition on an affected...

8.6CVSS7.5AI score0.01956EPSS
Exploits0References1
Prion
Prion
added 2020/05/06 5:15 p.m.23 views

Design/Logic Flaw

A vulnerability in the Secure Sockets Layer SSL/Transport Layer Security TLS handler of Cisco Firepower Threat Defense FTD Software when running on the Cisco Firepower 1000 Series platform could allow an unauthenticated, remote attacker to trigger a denial of service DoS condition on an affected...

5CVSS8.3AI score0.01956EPSS
Exploits0References1Affected Software13
Cvelist
Cvelist
added 2020/05/06 4:41 p.m.32 views

CVE-2020-3283 Cisco Firepower 1000 Series SSL/TLS Denial of Service Vulnerability

A vulnerability in the Secure Sockets Layer SSL/Transport Layer Security TLS handler of Cisco Firepower Threat Defense FTD Software when running on the Cisco Firepower 1000 Series platform could allow an unauthenticated, remote attacker to trigger a denial of service DoS condition on an affected...

8.6CVSS8.5AI score0.01956EPSS
Exploits0References1
Cisco
Cisco
added 2020/05/06 4:0 p.m.32 views

Cisco Firepower 1000 Series SSL/TLS Denial of Service Vulnerability

A vulnerability in the Secure Sockets Layer SSL/Transport Layer Security TLS handler of Cisco Firepower Threat Defense FTD Software when running on the Cisco Firepower 1000 Series platform could allow an unauthenticated, remote attacker to trigger a denial of service DoS condition on an affected...

8.6CVSS8.7AI score0.01956EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2018/07/16 12:0 a.m.242 views

Debian DLA-1421-1 : ruby2.1 security update

Multiple vulnerabilities were found in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following issues : CVE-2015-9096 SMTP command injection in Net::SMTP via CRLF sequences in a RCPT TO or MAIL FROM command. CVE-2016-2339 Exploitable heap...

9.8CVSS7.9AI score0.73927EPSS
Exploits18References27
OpenVAS
OpenVAS
added 2018/07/15 12:0 a.m.44 views

Debian: Security Advisory (DLA-1421-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.1AI score0.73927EPSS
Exploits18References3
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:42 a.m.44 views

Security Bulletin: Vulnerabilities in Ruby affect PowerKVM

Summary PowerKVM is affected by vulnerabilities in Ruby . IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2017-17790 DESCRIPTION: Ruby could allow a remote attacker to execute arbitrary commands on the system, caused by a flaw in the lazyinitialize function in...

9.8CVSS1.2AI score0.73927EPSS
Exploits14Affected Software1
RedHat Linux
RedHat Linux
added 2018/03/26 10:20 a.m.4 views

ruby: Buffer underrun in OpenSSL ASN1 decode

It was found that the decode method of the OpenSSL::ASN1 module was vulnerable to buffer underrun. An attacker could pass a specially crafted string to the application in order to crash the ruby interpreter, causing a denial of service...

7.5CVSS7.5AI score0.07734EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2018/03/26 10:20 a.m.10 views

ruby: Buffer underrun vulnerability in Kernel.sprintf

A buffer underflow was found in ruby's sprintf function. An attacker, with ability to control its format string parameter, could send a specially crafted string that would disclose heap memory or crash the interpreter...

9.1CVSS7.4AI score0.09718EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2018/03/26 10:20 a.m.59 views

Important: Red Hat Security Advisory: rh-ruby23-ruby security, bug fix, and enhancement update

An update for rh-ruby23-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

9.8CVSS7.2AI score0.73927EPSS
Exploits14References13
RedHat Linux
RedHat Linux
added 2018/03/26 9:39 a.m.5 views

ruby: Buffer underrun vulnerability in Kernel.sprintf

A buffer underflow was found in ruby's sprintf function. An attacker, with ability to control its format string parameter, could send a specially crafted string that would disclose heap memory or crash the interpreter...

9.1CVSS7.4AI score0.09718EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2018/03/26 9:39 a.m.5 views

ruby: Buffer underrun in OpenSSL ASN1 decode

It was found that the decode method of the OpenSSL::ASN1 module was vulnerable to buffer underrun. An attacker could pass a specially crafted string to the application in order to crash the ruby interpreter, causing a denial of service...

7.5CVSS7.5AI score0.07734EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2018/03/26 9:39 a.m.67 views

Important: Red Hat Security Advisory: rh-ruby22-ruby security, bug fix, and enhancement update

An update for rh-ruby22-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

9.8CVSS7.2AI score0.73927EPSS
Exploits14References14
Tenable Nessus
Tenable Nessus
added 2018/03/01 12:0 a.m.77 views

RHEL 7 : ruby (RHSA-2018:0378)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0378 advisory. - ruby: Buffer underrun vulnerability in Kernel.sprintf CVE-2017-0898 - rubygems: Escape sequence in the summary field of gemspec...

9.8CVSS7.7AI score0.73927EPSS
Exploits14References24
RedHat Linux
RedHat Linux
added 2018/02/28 8:6 p.m.2 views

ruby: Buffer underrun in OpenSSL ASN1 decode

It was found that the decode method of the OpenSSL::ASN1 module was vulnerable to buffer underrun. An attacker could pass a specially crafted string to the application in order to crash the ruby interpreter, causing a denial of service...

7.5CVSS7.5AI score0.07734EPSS
Exploits0References5
Oracle linux
Oracle linux
added 2018/02/28 12:0 a.m.59 views

ruby security update

2.0.0.648-33 - Fix always passing WEBrick test. 2.0.0.648-32 - Add Psych.safeload ruby-2.1.0-there-should-be-only-one-exception.patch ruby-2.1.0-Adding-Psych.safeload.patch Related: CVE-2017-0903 - Disable Tokyo TZ tests broken by recen tzdata update. ruby-2.5.0-Disable-Tokyo-TZ-tests.patch...

9.8CVSS9.8AI score0.73927EPSS
Exploits14
RedHat Linux
RedHat Linux
added 2017/12/19 8:37 a.m.11 views

ruby: Buffer underrun vulnerability in Kernel.sprintf

A buffer underflow was found in ruby's sprintf function. An attacker, with ability to control its format string parameter, could send a specially crafted string that would disclose heap memory or crash the interpreter...

9.1CVSS7.4AI score0.09718EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2017/11/13 12:0 a.m.41 views

Debian DSA-4031-1 : ruby2.3 - security update

Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2017-0898 aerodudrizzt reported a buffer underrun vulnerability in the sprintf method of the Kernel module resulting in...

9.8CVSS7.6AI score0.16412EPSS
Exploits2References14
Rows per page
Query Builder