
21 matches found

Tenable Nessus
added 2025/03/04 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2017-0902

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and...

CVSS 8.1, AI score 7.2, EPSS 0.0475
Exploits 1, References 3

F5 Networks
added 2023/02/21 6:46 p.m., 50 views

K01730454: Ruby vulnerabilities CVE-2017-0899, CVE-2017-0900, CVE-2017-0901, and CVE-2017-0902

Security Advisory Description CVE-2017-0899 RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences. CVE-2017-0900 RubyGems version 2.6.12 and earlie...

CVSS 9.8, AI score 7.3, EPSS 0.29442
Exploits 5

OpenVAS
added 2022/01/28 12:0 a.m., 29 views

Mageia: Security Advisory (MGASA-2017-0482)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8, AI score 9.1, EPSS 0.29442
Exploits 6, References 5

OpenVAS
added 2021/04/19 12:0 a.m., 21 views

SUSE: Security Advisory (SUSE-SU-2020:1570-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8, AI score 8.6, EPSS 0.73927
Exploits 22, References 43

Ubuntu
added 2021/03/25 3:43 p.m., 154 views

USN-3685-2: Ruby regression

USN-3685-1 fixed a vulnerability in Ruby. The fix for CVE-2017-0903 introduced a regression in Ruby. This update fixes the problem. Original advisory details: Some of these CVE were already addressed in previous USN: 3439-1, 3553-1, 3528-1. Here we address for the remain releases. It was discover...

CVSS 9.8, AI score 7.8, EPSS 0.15853
Exploits 1, References 1

OpenVAS
added 2020/01/23 12:0 a.m., 39 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2018-1248)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8, AI score 9.2, EPSS 0.73927
Exploits 14, References 2

OpenVAS
added 2018/10/26 12:0 a.m., 49 views

Ubuntu: Security Advisory (USN-3553-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8, AI score 9, EPSS 0.29442
Exploits 4, References 2

Debian
added 2018/07/14 6:28 a.m., 60 views

[SECURITY] [DLA 1421-1] ruby2.1 security update

Package : ruby2.1 Version : 2.1.5-2+deb8u4 CVE ID : CVE-2015-9096 CVE-2016-2339 CVE-2016-7798 CVE-2017-0898 CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 CVE-2017-0902 CVE-2017-0903 CVE-2017-10784 CVE-2017-14033 CVE-2017-14064 CVE-2017-17405 CVE-2017-17742 CVE-2017-17790 CVE-2018-6914 CVE-2018-8777...

CVSS 9.8, AI score 7.4, EPSS 0.73927
Exploits 18

Tenable Nessus
added 2018/03/01 12:0 a.m., 77 views

RHEL 7 : ruby (RHSA-2018:0378)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0378 advisory. - ruby: Buffer underrun vulnerability in Kernel.sprintf CVE-2017-0898 - rubygems: Escape sequence in the summary field of gemspec...

CVSS 9.8, AI score 7.7, EPSS 0.73927
Exploits 14, References 24

Tenable Nessus
added 2018/03/01 12:0 a.m., 38 views

Oracle Linux 7 : ruby (ELSA-2018-0378)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-0378 advisory. - Add Psych.safeload ruby-2.1.0-there-should-be-only-one-exception.patch ruby-2.1.0-Adding-Psych.safeload.patch Related: CVE-2017-0903 - Disable Tokyo ...

CVSS 9.8, AI score 7.8, EPSS 0.73927
Exploits 14, References 12

Oracle linux
added 2018/02/28 12:0 a.m., 59 views

ruby security update

2.0.0.648-33 - Fix always passing WEBrick test. 2.0.0.648-32 - Add Psych.safeload ruby-2.1.0-there-should-be-only-one-exception.patch ruby-2.1.0-Adding-Psych.safeload.patch Related: CVE-2017-0903 - Disable Tokyo TZ tests broken by recen tzdata update. ruby-2.5.0-Disable-Tokyo-TZ-tests.patch...

CVSS 9.8, AI score 9.8, EPSS 0.73927
Exploits 14

Tenable Nessus
added 2018/02/01 12:0 a.m., 42 views

Ubuntu 16.04 LTS : Ruby vulnerabilities (USN-3553-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3553-1 advisory. It was discovered that Ruby failed to validate specification names. An attacker could possibly use a maliciously crafted gem to potentially overwrite any...

CVSS 9.8, AI score 7.9, EPSS 0.29442
Exploits 4, References 4

Ubuntu
added 2018/01/31 2:11 p.m., 65 views

USN-3553-1: Ruby vulnerabilities

It was discovered that Ruby failed to validate specification names. An attacker could possibly use a maliciously crafted gem to potentially overwrite any file on the filesystem. CVE-2017-0901 It was discovered that Ruby was vulnerable to a DNS hijacking vulnerability. An attacker could use this t...

CVSS 9.8, AI score 7.8, EPSS 0.29442
Exploits 4

Hacker One
added 2017/10/04 4:6 a.m., 45 views

RubyGems: Request Hijacking Vulnerability in RubyGems 2.6.13 and earlier

We received this report via security@ from [email protected], I'm filing here for tracking and visibility purposes... "I was looking at commit 8d91516fb7037ecfb27622f605dc40245e0f8d32, which was the fix for the DNS hijacking issue CVE-2017-0902. The function still handles the DNS response in ...

CVSS 6.8, AI score 0.4, EPSS 0.0475
Exploits 1

Tenable Nessus
added 2017/09/19 12:0 a.m., 54 views

Slackware 14.2 / current : ruby (SSA:2017-261-03)

New ruby packages are available for Slackware 14.2 and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2017-261-03. The text itself is copyright C Slackware...

CVSS 9.8, AI score 6.8, EPSS 0.29442
Exploits 7, References 9

OpenVAS
added 2017/09/16 12:0 a.m., 31 views

Fedora Update for ruby FEDORA-2017-e136d63c99

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8, AI score 9, EPSS 0.29442
Exploits 6, References 2

OpenVAS
added 2017/09/04 12:0 a.m., 65 views

Debian: Security Advisory (DSA-3966-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8, AI score 8.5, EPSS 0.29442
Exploits 8, References 3

OSV
added 2017/08/31 8:29 p.m., 28 views

CVE-2017-0902

RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls...

CVSS 8.1, AI score 9.2
Exploits 0, References 14

Debian CVE
added 2017/08/31 8:0 p.m., 27 views

CVE-2017-0902

RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls...

CVSS 8.1, AI score 9, EPSS 0.0475
Exploits 1

CVE
added 2017/08/31 8:0 p.m., 171 views

CVE-2017-0902

CVE-2017-0902 is the RubyGems DNS hijacking vulnerability affecting RubyGems 2.6.12 and earlier. The issue allows a MITM attacker to redirect the RubyGems client to download and install gems from a server the attacker controls. Public advisories (e.g., ALAS-2017-915) document the vulnerability cl...

CVSS 8.1, AI score 8.2, EPSS 0.0475
Exploits 1, References 14, Affected Software 1