10 matches found
Linux Distros Unpatched Vulnerability : CVE-2016-7954
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this...
RHEL 6 : rubygem-bundler (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - rubygem-bundler: Code execution via gem name collision in bundler CVE-2016-7954 Note that Nessus has not tested for...
RHEL 6 : rubygem-bundler (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - rubygem-bundler: Code execution via gem name collision in bundler CVE-2016-7954 Note that Nessus has not tested for...
CVE-2016-7954
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334...
CVE-2016-7954
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334...
CVE-2016-7954
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334...
CVE-2016-7954
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334...
CVE-2016-7954
CVE-2016-7954 affects Bundler 1.x, where a gem name collision on a secondary source can enable remote code execution in a Ruby application. The issue arises from multiple top-level source lines allowing a malicious gem with the same name as a legitimate gem to be pulled from a different source, a...
CVE-2016-7954
Removed by vendor...
CVE-2016-7954
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334...