9791 matches found
ruby: Cookie prefix spoofing in CGI::Cookie.parse
A flaw was found in Ruby. RubyGems cgi gem could allow a remote attacker to conduct spoofing attacks caused by the mishandling of security prefixes in cookie names in the CGI::Cookie.parse function. By sending a specially-crafted request, an attacker could perform cookie prefix spoofing attacks...
GO-2021-0143
When a Handler does not explicitly set the Content-Type header, the net/http/cgi and net/http/fcgi packages default to "text/html", which can cause a Cross-Site Scripting vulnerability if an attacker can control any part of the contents of a response...
Important: Red Hat Security Advisory: ruby:2.6 security update
An update for the ruby:2.6 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
ruby:2.6 security update
An update is available for rubygem-bson, rubygem-mysql2, ruby, rubygem-mongo, rubygem-pg, rubygem-abrt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Ruby is a...
RHEL 8 : ruby:2.6 (RHSA-2022:0544)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0544 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
CVE-2021-45420
Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to...
CVE-2021-45420
Emerson Dixell XWEB-500 devices are affected by an unauthenticated arbitrary file-write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. Exploitation allows writing arbitrary files to the target system, with potential denial of service and remote ...
Reolink RLC-410W Access Control Error Vulnerability (CNVD-2022-10725)
Reolink Rlc-410W is a Wifi security camera from Reolink China. cgiserver.cgi cgicheckability in Reolink RLC-410W v3.0.0.13620121102 is vulnerable to an access control error, which can be exploited by an attacker by sending an HTTP request to trigger it, causing a denial of service...
Reolink RLC-410W Access Control Error Vulnerability (CNVD-2022-10735)
Reolink Rlc-410W is a Wifi security camera from Reolink China. cgiserver.cgi cgicheckability in Reolink RLC-410W v3.0.0.13620121102 is vulnerable to an access control error, which can be exploited by attackers to cause a denial of service...
CVE-2021-41816
CGI.escapehtml in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms such as Windows where sizet and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby...
ALPINE-CVE-2021-41816
CGI.escapehtml in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms such as Windows where sizet and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby...
CVE-2021-41816
CGI.escapehtml in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms such as Windows where sizet and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby...
DEBIAN-CVE-2021-41816
CGI.escapehtml in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms such as Windows where sizet and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby...
Integer overflow
CGI.escapehtml in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms such as Windows where sizet and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby...
CVE-2021-41816
CGI.escapehtml in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms such as Windows where sizet and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby...
CVE-2021-41816
CGI.escapehtml in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms such as Windows where sizet and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby...
CVE-2021-41816
CGI.escapehtml in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms such as Windows where sizet and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby...
Debian DSA-5067-1 : ruby2.7 - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5067 advisory. Several vulnerabilities have been discovered in the interpreter for the Ruby language and the Rubygems included, which may result in information disclosure or...
Internet Bug Bounty: Ruby CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse
Release note: https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/ The old versions of CGI::Cookie.parse applied URL decoding to cookie names. An attacker could exploit this vulnerability to spoof security prefixes in cookie names, which may be...
CVE-2021-44413
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. AddUser param is not object. An attacker can send an HTTP request to trigger this vulnerability...