Lucene search
K

22 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2015-3900

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows...

5CVSS7.4AI score0.08934EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.26 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2017-1050)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.9AI score0.08934EPSS
Exploits4References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.34 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2017-1051)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.9AI score0.08934EPSS
Exploits4References2
OpenVAS
OpenVAS
added 2017/04/29 12:0 a.m.35 views

openSUSE: Security Advisory for ruby2.1 (openSUSE-SU-2017:1128-1)

The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS6.5AI score0.08934EPSS
Exploits2References1
OPENSUSE Linux
OPENSUSE Linux
added 2017/04/28 6:11 p.m.44 views

Security update for ruby2.1 (important)

This ruby2.1 update to version 2.1.9 fixes the following issues: Security issues fixed: - CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new"initialize" bsc1018808 - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL bsc959495 - CVE-2015-3900: hostname validation does...

7.5CVSS1.4AI score0.08934EPSS
Exploits2References8
Tenable Nessus
Tenable Nessus
added 2017/04/21 12:0 a.m.66 views

SUSE SLED12 / SLES12 Security Update : ruby2.1 (SUSE-SU-2017:1067-1)

This ruby2.1 update to version 2.1.9 fixes the following issues: Security issues fixed : - CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new'initialize' bsc1018808 - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL bsc959495 - CVE-2015-3900: hostname validation doe...

9.8CVSS7.4AI score0.08934EPSS
Exploits2References20
OpenVAS
OpenVAS
added 2015/10/15 12:0 a.m.22 views

Mageia: Security Advisory (MGASA-2015-0345)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS9AI score0.08934EPSS
Exploits0References4
Mageia
Mageia
added 2015/09/08 5:55 p.m.40 views

Updated ruby-RubyGems packages fix security vulnerabilities

Updated ruby-RubyGems package fixes security vulnerability: RubyGems does not validate the hostname when fetching gems or making API request, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack" CVE-2015-3900...

5CVSS8.2AI score0.08934EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2015/09/08 12:0 a.m.24 views

Amazon Linux: Security Advisory (ALAS-2015-548)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.9AI score0.08934EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2015/09/08 12:0 a.m.31 views

Amazon Linux: Security Advisory (ALAS-2015-547)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.9AI score0.08934EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2015/09/08 12:0 a.m.28 views

Amazon Linux: Security Advisory (ALAS-2015-549)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.9AI score0.08934EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2015/08/20 12:0 a.m.26 views

Fedora Update for rubygems FEDORA-2015-13157

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS9AI score0.08934EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/08/20 12:0 a.m.35 views

Fedora 21 : rubygems-2.2.5-100.fc21 (2015-13157)

Update to RubyGems 2.2.5. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenabl...

5CVSS7.5AI score0.08934EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2015/08/11 12:0 a.m.39 views

Fedora Update for rubygems FEDORA-2015-12574

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS9AI score0.08934EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/08/11 12:0 a.m.38 views

Fedora 23 : rubygems-2.4.8-100.fc23 (2015-12501)

Update to RubyGems 2.4.8. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenabl...

5CVSS7.5AI score0.08934EPSS
Exploits0References3
CVE
CVE
added 2015/06/24 2:0 p.m.103 views

CVE-2015-3900

Vulnerability summary: CVE-2015-3900 affects RubyGems 2.0.x up to 2.0.16, 2.2.x up to 2.2.4, and 2.4.x up to 2.4.7. It does not validate hostnames when fetching gems or API requests, enabling a remote attacker to redirect requests to arbitrary domains via a crafted DNS SRV record (DNS hijack atta...

5CVSS6.3AI score0.08934EPSS
Exploits0References11Affected Software1
ThreatPost
ThreatPost
added 2015/06/23 9:55 a.m.26 views

RubyGems Patches Serious Redirection Vulnerability

RubyGems make life easier for developers to distribute software to users. A vulnerability in the Ruby package manager could make life easier for hackers to redirect victims to trouble. Disclosed today by researchers at Trustwave and OpenDNS, the vulnerability, CVE-2015-3900, enables an attacker t...

5CVSS0.2AI score0.08934EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/06/18 12:0 a.m.29 views

Amazon Linux AMI : ruby20 (ALAS-2015-547)

RubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against. This mechanism is implemented via DNS, specificly a SRV record rubygems.tcp under the original requested domain. RubyGems did not validate the hostname returned in...

5CVSS7.8AI score0.08934EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2015/06/18 12:0 a.m.37 views

Amazon Linux AMI : ruby21 (ALAS-2015-548)

RubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against. This mechanism is implemented via DNS, specificly a SRV record rubygems.tcp under the original requested domain. RubyGems did not validate the hostname returned in...

5CVSS7.8AI score0.08934EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2015/06/18 12:0 a.m.36 views

Amazon Linux AMI : ruby22 (ALAS-2015-549)

RubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against. This mechanism is implemented via DNS, specificly a SRV record rubygems.tcp under the original requested domain. RubyGems did not validate the hostname returned in...

5CVSS7.8AI score0.08934EPSS
Exploits0References4
Rows per page
Query Builder