Lucene search
K

7 matches found

Debian CVE
Debian CVE
added 2013/03/01 2:0 a.m.31 views

CVE-2013-0162

Removed by vendor...

2.1CVSS6.7AI score0.00343EPSS
Exploits1
CVE
CVE
added 2013/03/01 2:0 a.m.85 views

CVE-2013-0162

CVE-2013-0162 affects the ruby_parser gem (diff_pp function in lib/gauntlet_rubyparser.rb) and earlier 3.1.1, where temporary file handling in /tmp is insecure. This allows a local attacker to craft a symlink attack that can overwrite arbitrary files accessible to the Ruby process. The vulnerabil...

2.1CVSS6.2AI score0.00343EPSS
Exploits1References3Affected Software1
RedHat Linux
RedHat Linux
added 2013/02/28 6:53 p.m.51 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift Enterprise 1.1.1 update

Red Hat OpenShift Enterprise 1.1.1 is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in...

7.5CVSS6.8AI score0.08245EPSS
Exploits14References28
seebug.org
seebug.org
added 2013/02/28 12:0 a.m.55 views

RubyGems 'ruby_parser' 不安全临时文件创建漏洞(CVE-2013-0162)

Bugtraq ID:58110 CVE ID: CVE-2013-0162 RubyGems简称 gems是一个用于对Rails组件进行打包的Ruby打包系统。 rubyparser ruby gem没有以安全的方式创建临时文件,/usr/share/gems/gems/rubyparser-2.0.4/lib/gauntletrubyparser.rb的diffpp函数创建的/tmp/a.pid和/tmp/b.pid临时文件可被猜测,通过符号链接攻击可覆盖系统文件或更改目标系统文件内容,造成拒绝服务或可提升权限。 0 RubyGems 厂商解决方案...

2.1CVSS6.4AI score0.00343EPSS
Exploits1
securityvulns
securityvulns
added 2013/02/24 12:0 a.m.58 views

CVE-2013-0162 rubygem-ruby_parser: incorrect temporary file usage / Public Service Announcement

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is a relatively minor issue, hence no embargo. Michael Scherer [email protected] of Red Hat found: Looking for incorrect /tmp/ usage, I found the following piece of code in /usr/share/gems/gems/rubyparser-2.0.4/lib/gauntletrubyparser.rb...

2.1CVSS0.3AI score0.00343EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2013/02/21 7:4 p.m.54 views

Important: Red Hat Security Advisory: Subscription Asset Manager 1.2 update

Red Hat Subscription Asset Manager 1.2, which fixes several security issues, multiple bugs, and adds various enhancements, is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which gi...

5.5CVSS7.2AI score0.03778EPSS
Exploits1References107
RubySec
RubySec
added 2013/02/21 12:0 a.m.22 views

CVE-2013-0162 rubygem-ruby_parser: incorrect temporary file usage

The diffpp function in lib/gauntletrubyparser.rb in the rubyparser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp...

2.1CVSS6.1AI score0.00343EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder