Lucene search
K

53 matches found

Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.200 views

Ruby on Rails JSON Processor Floating Point Heap Overflow Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ruby on Rails JSON Processor Floating Point Heap Overflow DoS', 'Description' = %q When Ruby attempts to convert a string representation of a lar...

6.8CVSS7AI score0.34968EPSS
Exploits3
F5 Networks
F5 Networks
added 2023/02/21 7:58 p.m.51 views

K15152: Ruby vulnerability CVE-2013-4164

Security Advisory Description Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a string that is...

6.8CVSS8.2AI score0.34968EPSS
Exploits3
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.25 views

Mageia: Security Advisory (MGASA-2014-0003)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS4.3AI score0.34968EPSS
Exploits3References6
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.17 views

SUSE: Security Advisory (SUSE-SU-2013:1828-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS7.2AI score0.34968EPSS
Exploits46References2
Veracode
Veracode
added 2019/05/02 5:1 a.m.42 views

Arbitrary Code Execution

Red Hat CloudForms Management Engine delivers the insight, control, and automation enterprises need to address the challenges of managing virtual environments, which are far more complex than physical ones. This technology enables enterprises with existing virtual infrastructures to improve...

7.5CVSS7.1AI score0.34968EPSS
Exploits3References8Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:16 p.m.30 views

Security Bulletin: IBM Security Network Protection System can be affected by vulnerabilities in Ruby on Rails and the Ruby language (CVE-2013-4492, CVE-2013-4164)

Summary IBM Security Network Protection System can be affected by vulnerabilities in Ruby on Rails and the Ruby language. These vulnerabilities include obtaining sensitive information, executing arbitrary code on the system or causing the application to crash. Vulnerability Details VULNERABILITY...

6.8CVSS0.9AI score0.34968EPSS
Exploits3Affected Software1
Circl
Circl
added 2018/05/29 3:50 p.m.6 views

CVE-2013-4164

creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/http/railsjsonfloatdos.rb 2025-02-06 03:13:41+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:09:19+00:00| seen|...

6.8CVSS7.2AI score0.34968EPSS
Exploits3References1
OpenVAS
OpenVAS
added 2015/10/06 12:0 a.m.22 views

Oracle: Security Advisory (ELSA-2013-1764)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS5.7AI score0.34968EPSS
Exploits3References2
OpenVAS
OpenVAS
added 2015/09/08 12:0 a.m.29 views

Amazon Linux: Security Advisory (ALAS-2013-248)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS5.7AI score0.34968EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2015/01/19 12:0 a.m.31 views

Oracle Solaris Third-Party Patch Update : ruby (cve_2013_4164_buffer_errors)

The remote Solaris system is missing necessary patches to address security updates : - Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service...

6.8CVSS8.1AI score0.34968EPSS
Exploits3References3
Tenable Nessus
Tenable Nessus
added 2015/01/19 12:0 a.m.26 views

Oracle Solaris Third-Party Patch Update : ruby (multiple_vulnerabilities_in_ruby1)

The remote Solaris system is missing necessary patches to address security updates : - Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service...

6.8CVSS8AI score0.34968EPSS
Exploits3References5
Tenable Nessus
Tenable Nessus
added 2014/11/12 12:0 a.m.51 views

CentOS 6 : ruby (CESA-2013:1764)

Updated ruby packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

6.8CVSS8.1AI score0.34968EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.46 views

openSUSE Security Update : ruby19 (openSUSE-SU-2013:1835-1)

The following security issue was fixed in ruby19 : %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2013-940. The text description of this plugin is C SUSE LLC...

6.8CVSS7.3AI score0.34968EPSS
Exploits3References3
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.27 views

openSUSE Security Update : ruby20 (openSUSE-SU-2013:1834-1)

the following security issue was fixed in ruby20 : - fix CVE-2013-4164: heap overflow in float point parsing bnc851803 The file CVE-2013-4164.patch contains the patch %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

6.8CVSS7.5AI score0.34968EPSS
Exploits3References3
securityvulns
securityvulns
added 2014/05/29 12:0 a.m.61 views

APPLE-SA-2014-15-20-1 OS X Server 3.1.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-15-20-1 OS X Server 3.1.2 OS X Server 3.1.2 is now available and addresses the following: Ruby Available for: OS X Mavericks 10.9.3 or later Impact: Running a Ruby script that uses untrusted input to create a Float object may lead to an...

6.8CVSS0.6AI score0.34968EPSS
Exploits3
F5 Networks
F5 Networks
added 2014/04/10 12:0 a.m.53 views

SOL15152 - Ruby vulnerability CVE-2013-4164

Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

6.8CVSS2.7AI score0.34968EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2014/03/21 12:0 a.m.39 views

Puppet Enterprise 3.x < 3.1.1 Multiple Vulnerabilities

According to its self-reported version number, the Puppet Enterprise 3.x install on the remote host is prior to 3.1.1. As a result, it is reportedly affected by multiple vulnerabilities : - An input validation error exists related to the included Ruby version, handling string to floating point...

6.8CVSS8AI score0.34968EPSS
Exploits6References15
RedHat Linux
RedHat Linux
added 2014/03/11 4:56 p.m.67 views

Critical: Red Hat Security Advisory: cfme security, bug fix, and enhancement update

Updated cfme packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat CloudForms 3.0. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores, whic...

7.5CVSS7.3AI score0.34968EPSS
Exploits3References6
OpenVAS
OpenVAS
added 2014/02/03 12:0 a.m.24 views

Fedora Update for ruby FEDORA-2013-22393

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS7.1AI score0.34968EPSS
Exploits3References2
Mageia
Mageia
added 2014/01/06 1:2 a.m.44 views

Updated ruby package fixes security vulnerability

Charlie Somerville discovered that Ruby incorrectly handled floating point number conversion. An attacker could possibly use this issue with an application that converts text to floating point numbers to cause the application to crash, resulting in a denial of service, or possibly execute arbitra...

6.8CVSS4.3AI score0.34968EPSS
Exploits3References4
Rows per page
Query Builder