Lucene search
K

20 matches found

OSV
OSV
added 2023/08/31 12:14 p.m.0 views

BELL-CVE-2017-14064 CVE-2017-14064 does not affect BellSoft software

Bulletin has no description...

9.8CVSS5.8AI score0.09445EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.27 views

Mageia: Security Advisory (MGASA-2017-0371)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.1AI score0.16412EPSS
Exploits2References10
Ubuntu
Ubuntu
added 2021/03/25 3:43 p.m.154 views

USN-3685-2: Ruby regression

USN-3685-1 fixed a vulnerability in Ruby. The fix for CVE-2017-0903 introduced a regression in Ruby. This update fixes the problem. Original advisory details: Some of these CVE were already addressed in previous USN: 3439-1, 3553-1, 3528-1. Here we address for the remain releases. It was discover...

9.8CVSS7.8AI score0.15853EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.39 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2018-1248)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.2AI score0.73927EPSS
Exploits14References2
Tenable Nessus
Tenable Nessus
added 2018/07/17 12:0 a.m.90 views

macOS 10.13.x < 10.13.6 Multiple Vulnerabilities

The remote host is running a version of macOS / Mac OS X that is 10.13.x prior to 10.13.6. It is, therefore, affected by multiple vulnerabilities. Note that successful exploitation of the most serious issues can result in arbitrary code execution. C Tenable Network Security, Inc...

10CVSS7.7AI score0.73927EPSS
Exploits10References36
Debian
Debian
added 2018/07/14 6:28 a.m.61 views

[SECURITY] [DLA 1421-1] ruby2.1 security update

Package : ruby2.1 Version : 2.1.5-2+deb8u4 CVE ID : CVE-2015-9096 CVE-2016-2339 CVE-2016-7798 CVE-2017-0898 CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 CVE-2017-0902 CVE-2017-0903 CVE-2017-10784 CVE-2017-14033 CVE-2017-14064 CVE-2017-17405 CVE-2017-17742 CVE-2017-17790 CVE-2018-6914 CVE-2018-8777...

9.8CVSS7.4AI score0.73927EPSS
Exploits18
Tenable Nessus
Tenable Nessus
added 2018/03/01 12:0 a.m.77 views

RHEL 7 : ruby (RHSA-2018:0378)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0378 advisory. - ruby: Buffer underrun vulnerability in Kernel.sprintf CVE-2017-0898 - rubygems: Escape sequence in the summary field of gemspec...

9.8CVSS7.7AI score0.73927EPSS
Exploits14References24
Tenable Nessus
Tenable Nessus
added 2018/03/01 12:0 a.m.38 views

Oracle Linux 7 : ruby (ELSA-2018-0378)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-0378 advisory. - Add Psych.safeload ruby-2.1.0-there-should-be-only-one-exception.patch ruby-2.1.0-Adding-Psych.safeload.patch Related: CVE-2017-0903 - Disable Tokyo ...

9.8CVSS7.8AI score0.73927EPSS
Exploits14References12
Oracle linux
Oracle linux
added 2018/02/28 12:0 a.m.59 views

ruby security update

2.0.0.648-33 - Fix always passing WEBrick test. 2.0.0.648-32 - Add Psych.safeload ruby-2.1.0-there-should-be-only-one-exception.patch ruby-2.1.0-Adding-Psych.safeload.patch Related: CVE-2017-0903 - Disable Tokyo TZ tests broken by recen tzdata update. ruby-2.5.0-Disable-Tokyo-TZ-tests.patch...

9.8CVSS9.8AI score0.73927EPSS
Exploits14
Ubuntu
Ubuntu
added 2018/01/10 2:22 p.m.75 views

USN-3528-1: Ruby vulnerabilities

It was discovered that Ruby incorrectly handled certain terminal emulator escape sequences. An attacker could use this to execute arbitrary code via a crafted user name. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. CVE-2017-10784 It was discovered that Ruby incorrectly handled...

9.8CVSS7.8AI score0.16412EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2017/10/18 12:0 a.m.35 views

GLSA-201710-18 : Ruby: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201710-18 Ruby: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Ruby. Please review the referenced CVE identifiers for details. Impact : A remote attacker could execute arbitrary code, cause a Denial of...

9.8CVSS7.6AI score0.16412EPSS
Exploits4References6
Debian
Debian
added 2017/09/26 9:16 p.m.49 views

[SECURITY] [DLA 1114-1] ruby1.9.1 security update

Package : ruby1.9.1 Version : 1.9.3.194-8.1+deb7u6 CVE ID : CVE-2017-0898 CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 CVE-2017-10784 CVE-2017-14033 CVE-2017-14064 Debian Bug : 873802 873906 875928 875931 875936 Multiple vulnerabilities were discovered in the Ruby 1.9 interpretor. CVE-2017-0898 Buff...

9.8CVSS9.4AI score0.29442EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2017/09/20 12:0 a.m.45 views

FreeBSD : ruby -- multiple vulnerabilities (95b01379-9d52-11e7-a25c-471bafc3262f)

Ruby blog : CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf If a malicious format string which contains a precious specifier is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such situation, the result may contains heap, or the Ruby...

9.8CVSS7.1AI score0.16412EPSS
Exploits2References10
Tenable Nessus
Tenable Nessus
added 2017/09/19 12:0 a.m.54 views

Slackware 14.2 / current : ruby (SSA:2017-261-03)

New ruby packages are available for Slackware 14.2 and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2017-261-03. The text itself is copyright C Slackware...

9.8CVSS6.8AI score0.29442EPSS
Exploits7References9
OpenVAS
OpenVAS
added 2017/09/16 12:0 a.m.31 views

Fedora Update for ruby FEDORA-2017-e136d63c99

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9AI score0.29442EPSS
Exploits6References2
FreeBSD
FreeBSD
added 2017/09/14 12:0 a.m.39 views

ruby -- multiple vulnerabilities

Ruby blog: CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf If a malicious format string which contains a precious specifier is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such situation, the result may contains heap, or the Ruby...

9.8CVSS9.4AI score0.16412EPSS
Exploits2References5
OpenVAS
OpenVAS
added 2017/09/04 12:0 a.m.65 views

Debian: Security Advisory (DSA-3966-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.5AI score0.29442EPSS
Exploits8References3
NVD
NVD
added 2017/08/31 5:29 p.m.21 views

CVE-2017-14064

Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is...

9.8CVSS9.4AI score0.09445EPSS
Exploits1References16
CVE
CVE
added 2017/08/31 5:0 p.m.216 views

CVE-2017-14064

CVE-2017-14064 affects Ruby before the fixed versions: Ruby 2.2.7 and earlier (2.2.x), 2.3.0–2.3.4, and 2.4.0–2.4.1. Root cause is a strdup-based bug in ext/json/ext/generator/generator.c that stops at the first NUL byte, returning a string of length zero while space_len indicates otherwise, expo...

9.8CVSS7.3AI score0.09445EPSS
Exploits1References16Affected Software1
UbuntuCve
UbuntuCve
added 2017/08/31 12:0 a.m.29 views

CVE-2017-14064

Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is...

9.8CVSS6.8AI score0.09445EPSS
Exploits1References6
Rows per page
Query Builder