Lucene search
K

18 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2015-7465

Malware in sbrugna...

8.4CVSS7.7AI score0.005EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2025/03/03 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2009-5147

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names. CVE-2009-5147 Note that Nessu...

7.5CVSS6.7AI score0.07766EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.24 views

Debian: Security Advisory (DLA-299-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.07766EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2017/07/26 12:0 a.m.37 views

Ubuntu: Security Advisory (USN-3365-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.3AI score0.07766EPSS
Exploits6References2
CVE
CVE
added 2017/03/29 2:0 p.m.124 views

CVE-2009-5147

CVE-2009-5147 affects Ruby’s DL::dlopen by allowing libraries with tainted names to be opened on several Ruby releases (1.8, 1.9.x, 2.0.0 pre-patch 648, and 2.1 pre-2.1.8). Connected materials document a regression in later Ruby/fiddle handling (CVE-2015-7551) that ties back to this regression an...

7.5CVSS7.1AI score0.07766EPSS
Exploits0References6Affected Software1
UbuntuCve
UbuntuCve
added 2017/03/29 12:0 a.m.40 views

CVE-2009-5147

DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names...

7.5CVSS6.8AI score0.07766EPSS
Exploits0References3
OSV
OSV
added 2017/03/29 12:0 a.m.4 views

UBUNTU-CVE-2009-5147

DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names...

7.3CVSS6.7AI score0.07766EPSS
Exploits0References4
Prion
Prion
added 2016/03/24 1:59 a.m.25 views

Design/Logic Flaw

The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of...

4.6CVSS7.2AI score0.07766EPSS
Exploits0References11Affected Software2
Cvelist
Cvelist
added 2016/03/24 1:0 a.m.28 views

CVE-2015-7551

The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of...

6.7AI score0.005EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2016/03/23 12:0 a.m.32 views

CVE-2015-7551

The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of...

8.4CVSS7.4AI score0.005EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2016/03/04 12:0 a.m.30 views

Fedora 23 : ruby-2.2.4-47.fc23 (2015-eef21b972e)

Update to Ruby 2.2.4 including security fix for CVE-2009-5147 and CVE-2015-7551. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...

8.4CVSS6.9AI score0.07766EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2016/03/04 12:0 a.m.34 views

Fedora 22 : ruby-2.2.4-47.fc22 (2015-c4409eb73a)

Update to Ruby 2.2.4 including security fix for CVE-2009-5147 and CVE-2015-7551. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...

8.4CVSS6.9AI score0.07766EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2015/12/29 12:0 a.m.36 views

FreeBSD : Ruby -- unsafe tainted string vulnerability (3b50881d-1860-4721-aab1-503290e23f6c)

Ruby developer reports : There is an unsafe tainted string vulnerability in Fiddle and DL. This issue was originally reported and fixed with CVE-2009-5147 in DL, but reappeared after DL was reimplemented using Fiddle and libffi. And, about DL, CVE-2009-5147 was fixed at Ruby 1.9.1, but not fixed ...

8.4CVSS6.8AI score0.07766EPSS
Exploits0References3
ArchLinux
ArchLinux
added 2015/12/17 12:0 a.m.50 views

ruby: unsafe tainted string usage

There is an unsafe tainted string vulnerability in Fiddle and DL. This issue was originally reported and fixed with CVE-2009-5147 in DL, but reappeared after DL was reimplemented using Fiddle and libffi...

6.9CVSS2AI score0.07766EPSS
Exploits1References2
FreeBSD
FreeBSD
added 2015/12/16 12:0 a.m.32 views

Ruby -- unsafe tainted string vulnerability

Ruby developer reports: There is an unsafe tainted string vulnerability in Fiddle and DL. This issue was originally reported and fixed with CVE-2009-5147 in DL, but reappeared after DL was reimplemented using Fiddle and libffi. And, about DL, CVE-2009-5147 was fixed at Ruby 1.9.1, but not fixed a...

8.4CVSS7.7AI score0.07766EPSS
Exploits0References1
RubySec
RubySec
added 2015/12/16 12:0 a.m.39 views

Unsafe tainted string usage in Fiddle and DL

There is an unsafe tainted string vulnerability in Fiddle and DL. This issue was originally reported and fixed with CVE-2009-5147 in DL, but reappeared after DL was reimplemented using Fiddle and libffi. And, about DL, CVE-2009-5147 was fixed at Ruby 1.9.1, but not fixed at other branches, then...

8.4CVSS1.3AI score0.005EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2015/10/05 9:31 a.m.9 views

SUSE-SU-2015:1889-1 Security update for ruby19

ruby19 was updated to fix two security issues. The following vulnerabilities were fixed: CVE-2015-1855: Ruby OpenSSL hostname verification was too permissive bsc926974. CVE-2009-5147: DL::dlopen could have loaded a library with tainted library name even if $SAFE 0 bsc939860...

7.5CVSS6.2AI score0.07766EPSS
Exploits0References5
Debian
Debian
added 2015/08/26 12:22 p.m.33 views

[SECURITY] [DLA 299-1] ruby1.8 security update

Package : ruby1.8 Version : 1.8.7.302-2squeeze5 CVE ID : CVE-2009-5147 "sheepman" fixed a vulnerability in Ruby 1.8: DL::dlopen could open a library with tainted name even if $SAFE 0. For Debian 6 “Squeeze”, this issue has been fixed in ruby1.8 1.8.7.302-2squeeze5...

7.5CVSS6.6AI score0.07766EPSS
Exploits0
Rows per page
Query Builder