Lucene search
K

9791 matches found

RedHat Linux
RedHat Linux
added 2022/02/21 9:4 a.m.4 views

ruby: Cookie prefix spoofing in CGI::Cookie.parse

A flaw was found in Ruby. RubyGems cgi gem could allow a remote attacker to conduct spoofing attacks caused by the mishandling of security prefixes in cookie names in the CGI::Cookie.parse function. By sending a specially-crafted request, an attacker could perform cookie prefix spoofing attacks...

7.5CVSS7.4AI score0.02931EPSS
Exploits1References4
OSV
OSV
added 2022/02/17 6:15 p.m.35 views

GO-2021-0143

When a Handler does not explicitly set the Content-Type header, the net/http/cgi and net/http/fcgi packages default to "text/html", which can cause a Cross-Site Scripting vulnerability if an attacker can control any part of the contents of a response...

0.9AI score
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/02/16 11:39 a.m.62 views

Important: Red Hat Security Advisory: ruby:2.6 security update

An update for the ruby:2.6 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.3CVSS6.6AI score0.06307EPSS
Exploits5References8
Rockylinux
Rockylinux
added 2022/02/16 8:26 a.m.57 views

ruby:2.6 security update

An update is available for rubygem-bson, rubygem-mysql2, ruby, rubygem-mongo, rubygem-pg, rubygem-abrt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Ruby is a...

9.3CVSS7.9AI score0.06307EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2022/02/16 12:0 a.m.47 views

RHEL 8 : ruby:2.6 (RHSA-2022:0544)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0544 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

9.3CVSS7.3AI score0.06307EPSS
Exploits5References15
Cvelist
Cvelist
added 2022/02/14 1:8 p.m.23 views

CVE-2021-45420

Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to...

10AI score0.25955EPSS
Exploits1References3
CVE
CVE
added 2022/02/14 1:8 p.m.101 views

CVE-2021-45420

Emerson Dixell XWEB-500 devices are affected by an unauthenticated arbitrary file-write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. Exploitation allows writing arbitrary files to the target system, with potential denial of service and remote ...

10CVSS9.8AI score0.25955EPSS
In wildExploits1References3Affected Software1
CNVD
CNVD
added 2022/02/09 12:0 a.m.16 views

Reolink RLC-410W Access Control Error Vulnerability (CNVD-2022-10725)

Reolink Rlc-410W is a Wifi security camera from Reolink China. cgiserver.cgi cgicheckability in Reolink RLC-410W v3.0.0.13620121102 is vulnerable to an access control error, which can be exploited by an attacker by sending an HTTP request to trigger it, causing a denial of service...

8.8CVSS1.9AI score0.00867EPSS
Exploits1References1
CNVD
CNVD
added 2022/02/09 12:0 a.m.24 views

Reolink RLC-410W Access Control Error Vulnerability (CNVD-2022-10735)

Reolink Rlc-410W is a Wifi security camera from Reolink China. cgiserver.cgi cgicheckability in Reolink RLC-410W v3.0.0.13620121102 is vulnerable to an access control error, which can be exploited by attackers to cause a denial of service...

7.1CVSS5.1AI score0.00807EPSS
Exploits1References1
NVD
NVD
added 2022/02/06 9:15 p.m.16 views

CVE-2021-41816

CGI.escapehtml in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms such as Windows where sizet and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby...

9.8CVSS0.04766EPSS
Exploits1References7
OSV
OSV
added 2022/02/06 9:15 p.m.1 views

ALPINE-CVE-2021-41816

CGI.escapehtml in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms such as Windows where sizet and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby...

9.8CVSS7.5AI score0.04766EPSS
Exploits1References1
OSV
OSV
added 2022/02/06 9:15 p.m.21 views

CVE-2021-41816

CGI.escapehtml in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms such as Windows where sizet and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby...

9.8CVSS7.7AI score0.04766EPSS
Exploits1References7
OSV
OSV
added 2022/02/06 9:15 p.m.3 views

DEBIAN-CVE-2021-41816

CGI.escapehtml in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms such as Windows where sizet and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby...

9.8CVSS7.5AI score0.04766EPSS
Exploits1References1
Prion
Prion
added 2022/02/06 9:15 p.m.19 views

Integer overflow

CGI.escapehtml in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms such as Windows where sizet and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby...

7.5CVSS9.4AI score0.04766EPSS
Exploits1References7Affected Software2
Cvelist
Cvelist
added 2022/02/06 12:0 a.m.23 views

CVE-2021-41816

CGI.escapehtml in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms such as Windows where sizet and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby...

9.8AI score0.04766EPSS
Exploits1References7
AlpineLinux
AlpineLinux
added 2022/02/06 12:0 a.m.33 views

CVE-2021-41816

CGI.escapehtml in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms such as Windows where sizet and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby...

9.8CVSS9.7AI score0.04766EPSS
Exploits1
Debian CVE
Debian CVE
added 2022/02/06 12:0 a.m.40 views

CVE-2021-41816

CGI.escapehtml in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms such as Windows where sizet and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby...

9.8CVSS7.6AI score0.04766EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2022/02/04 12:0 a.m.35 views

Debian DSA-5067-1 : ruby2.7 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5067 advisory. Several vulnerabilities have been discovered in the interpreter for the Ruby language and the Rubygems included, which may result in information disclosure or...

9.8CVSS7.3AI score0.04766EPSS
Exploits3References9
Hacker One
Hacker One
added 2022/01/30 7:31 a.m.109 views

Internet Bug Bounty: Ruby CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse

Release note: https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/ The old versions of CGI::Cookie.parse applied URL decoding to cookie names. An attacker could exploit this vulnerability to spoof security prefixes in cookie names, which may be...

5CVSS6.5AI score0.02938EPSS
Exploits2
OSV
OSV
added 2022/01/28 10:15 p.m.2 views

CVE-2021-44413

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. AddUser param is not object. An attacker can send an HTTP request to trigger this vulnerability...

7.7CVSS5.8AI score0.01207EPSS
Exploits1References1
Rows per page
Query Builder