Lucene search
K

6 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2019-11027

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers...

10CVSS8.2AI score0.02968EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2020/03/06 4:11 p.m.19 views

CVE-2019-11027

Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...

10CVSS2.8AI score0.02968EPSS
Exploits0References3
Debian
Debian
added 2019/10/11 5:15 a.m.119 views

[SECURITY] [DLA 1956-1] ruby-openid security update

Package : ruby-openid Version : 2.5.0debian-1+deb8u1 CVE ID : CVE-2019-11027 ruby-openid performed discovery first, and then verification. This allowed an attacker to change the URL used for discovery and trick the server into connecting to the URL. This server in turn could be a private server n...

10CVSS9.3AI score0.02968EPSS
Exploits0
NVD
NVD
added 2019/06/10 7:29 p.m.21 views

CVE-2019-11027

Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...

10CVSS9.4AI score0.02968EPSS
Exploits0References4
OSV
OSV
added 2019/06/10 7:29 p.m.21 views

CVE-2019-11027

Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...

9.8CVSS6.6AI score
Exploits0References4
CVE
CVE
added 2019/06/10 6:57 p.m.126 views

CVE-2019-11027

Ruby OpenID (ruby-openid) up to version 2.8.0 contains a remote SSRF vulnerability in the OpenID discovery/verification flow. Exploitation could cause the server to connect to an attacker-controlled URL, potentially leaking private information. Public advisories describe impact as remote, with hi...

10CVSS9.2AI score0.02968EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder