Lucene search
K

109 matches found

Tenable Nessus
Tenable Nessus
added 2023/11/14 12:0 a.m.51 views

RHEL 8 : ruby:2.5 (RHSA-2023:7025)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7025 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

8.8CVSS7.8AI score0.04127EPSS
Exploits1References13
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/01 10:38 a.m.79 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.6.3 fixes multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.6.3 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID: CVE-2023-35887 DESCRIPTION: Apache MINA SSHD could allow a remote authenticated attacker to obtain sensitive information, caused by improper...

9.8CVSS10AI score0.76768EPSS
Exploits15Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/09/27 12:0 a.m.37 views

Amazon Linux 2 : ruby (ALASRUBY2.6-2023-002)

The version of ruby installed on the remote host is prior to 2.6.9-129. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2RUBY2.6-2023-002 advisory. A flaw was found in ruby, where the date object was found to be vulnerable to a regular expression denial of service...

7.5CVSS7.1AI score0.03222EPSS
Exploits2References6
Tenable Nessus
Tenable Nessus
added 2023/09/27 12:0 a.m.45 views

Amazon Linux 2 : ruby (ALASRUBY2.6-2023-003)

The version of ruby installed on the remote host is prior to 2.6.10-130. It is, therefore, affected by a vulnerability as referenced in the ALAS2RUBY2.6-2023-003 advisory. The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is...

8.8CVSS7.2AI score0.02287EPSS
Exploits1References4
Amazon
Amazon
added 2023/09/25 12:0 a.m.5 views

Important: ruby

Issue Overview: The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object. CVE-2021-33621 Affected Packages:...

8.8CVSS6.9AI score0.02287EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2023/06/29 12:0 a.m.44 views

AlmaLinux 8 : ruby:2.7 (ALSA-2023:3821)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:3821 advisory. ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: ReDoS vulnerability in URI CVE-2023-28755 ruby: ReDoS vulnerability in Time CVE-2023-287...

8.8CVSS7.8AI score0.02637EPSS
Exploits1References4
Ubuntu
Ubuntu
added 2023/06/21 8:42 a.m.86 views

USN-6181-1: Ruby vulnerabilities

Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications the generate HTTP responses using cgi gem. An attacker could possibly use this issue to maliciously modify the response a user would receive from a vulnerable application. This issue only affected...

8.8CVSS7.7AI score0.02637EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2023/06/21 12:0 a.m.40 views

Ubuntu 23.04 : Ruby vulnerabilities (USN-6181-1)

The remote Ubuntu 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6181-1 advisory. Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications the generate HTTP responses using cgi gem. An attacker coul...

8.8CVSS7.9AI score0.02637EPSS
Exploits1References4
Debian
Debian
added 2023/06/09 10:23 a.m.39 views

[SECURITY] [DLA 3450-1] ruby2.5 security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-3450-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta June 09, 2023 https://wiki.debian.org/LTS - -----------------------------------------------------------------------...

8.8CVSS9.3AI score0.04127EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2023/05/08 12:0 a.m.21 views

EulerOS 2.0 SP11 : ruby (EulerOS-SA-2023-1790)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications...

8.8CVSS7.2AI score0.02287EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/05/08 12:0 a.m.24 views

EulerOS 2.0 SP11 : ruby (EulerOS-SA-2023-1768)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications...

8.8CVSS7.2AI score0.02287EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/03/21 12:0 a.m.23 views

Ubuntu 20.04 LTS : Ruby vulnerability (USN-5806-3)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5806-3 advisory. USN-5806-1 fixed vulnerabilities in Ruby. This update fixes the problem for Ubuntu 20.04 LTS. Tenable has extracted the preceding description block directly from...

8.8CVSS7.2AI score0.02287EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2023/03/20 5:24 p.m.56 views

USN-5806-3: Ruby vulnerability

USN-5806-1 fixed vulnerabilities in Ruby. This update fixes the problem for Ubuntu 20.04 LTS. Original advisory details: Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications which generate HTTP responses using cgi gem. An attacker could possibly use th...

8.8CVSS7.4AI score0.02287EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2023/03/19 12:0 a.m.24 views

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2023-1540)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications...

8.8CVSS7.2AI score0.02287EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/03/19 12:0 a.m.32 views

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2023-1565)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications...

8.8CVSS7.2AI score0.02287EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/03/09 12:0 a.m.36 views

EulerOS 2.0 SP9 : ruby (EulerOS-SA-2023-1483)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications...

8.8CVSS7.2AI score0.02287EPSS
Exploits1References2
Hacker One
Hacker One
added 2023/03/01 8:3 a.m.50 views

Internet Bug Bounty: Security Unfavorable Specifications and Implementations in the CGI::Cookie Class

A vulnerability was found in the CGI::Cookie class that allowed an attacker to inject invalid attributes in the Set-Cookie header. Additionally, the cgi gem had a vulnerability that allowed an attacker to inject a malicious HTTP response header and/or body. The issue was fixed in versions 0.3.5,...

8.8CVSS8.6AI score0.02287EPSS
Exploits1
Hacker One
Hacker One
added 2023/03/01 7:59 a.m.81 views

Internet Bug Bounty: Ruby's CGI library has HTTP response splitting (HTTP header injection), leaking confidential information

A vulnerability was found in Ruby's CGI library that allowed an attacker to inject a malicious HTTP response header and/or body if an application used untrusted user input to generate HTTP responses. The vulnerability was fixed in version 0.3.5, 0.2.2, and 0.1.0.2 of the cgi gem...

8.8CVSS8.4AI score0.02287EPSS
Exploits1
Cloud Foundry
Cloud Foundry
added 2023/02/24 12:0 a.m.20 views

USN-5806-2: Ruby vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description USN-5806-1 fixed vulnerabilities in Ruby. This update fixes the problem for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.10. Original advisory details: Hiroshi Tokumaru...

8.8CVSS9.1AI score0.02287EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2023/02/15 3:37 a.m.4 views

SUSE CVE-2021-41816

CGI.escapehtml in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms such as Windows where sizet and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby...

9.8CVSS7.9AI score0.04766EPSS
Exploits1References4
Rows per page
Query Builder