23 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-3881
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home...
RHEL 8 : 2.5_rubygem-bundler (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - rubygem-bundler: Insecure permissions on directory in /tmp/ allows for execution of malicious code CVE-2019-3881 No...
RHEL 8 : rubygem-bundler (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - rubygem-bundler: Insecure permissions on directory in /tmp/ allows for execution of malicious code CVE-2019-3881 No...
Ubuntu 18.04 ESM : Bundler vulnerability (USN-4870-1)
The remote Ubuntu 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-4870-1 advisory. It was discovered that Bundler incorrectly created directories with insecure permissions in /tmp. An attacker could write malicious libraries to this location for...
OESA-2021-1419 rubygem-bundler security update
Bundler manages an application's dependencies through its entire life, across many machines, systematically and repeatably. Security Fixes: Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home...
Photon OS 4.0: Rubygem PHSA-2021-4.0-0060
An update of the rubygem package has been released. C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-4.0-0060. The text itself is copyright C VMware, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...
SUSE: Security Advisory (SUSE-SU-2020:1582-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Gitlab -- multiple vulnerabilities
Gitlab reports: Ability to steal a user's API access token through GitLab Pages Prometheus denial of service via HTTP request with custom method Unauthorized user is able to access private repository information under specific conditions Regular expression denial of service in NuGet API Regular...
CVE-2019-3881
creationtimestamp| type| source ---|---|--- 2020-09-04 16:55:36+00:00| seen| https://t.me/cibsecurity/14482...
CVE-2019-3881
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could pla...
CVE-2019-3881
CVE-2019-3881 affects Bundler prior to 2.1.0. The issue stems from an insecure, predictable temporary directory path in /tmp/ used to store gems when the user’s home directory is not writable. An attacker with local access could place a malicious file in this directory, which could later be loade...
openSUSE Security Update : rubygem-bundler (openSUSE-2020-803)
This update for rubygem-bundler fixes the following issue : - CVE-2019-3881: Fixed insecure permissions on a directory in /tmp/ that allowed malicious code execution bsc1143436. This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security, Inc. The descriptive...
openSUSE Security Update : rubygem-bundler (openSUSE-2020-861)
This update for rubygem-bundler fixes the following issue : - CVE-2019-3881: Fixed insecure permissions on a directory in /tmp/ that allowed malicious code execution bsc1143436. This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security, Inc. The descriptive...
SUSE SLED15 / SLES15 Security Update : rubygem-bundler (SUSE-SU-2020:1582-2)
This update for rubygem-bundler fixes the following issue : CVE-2019-3881: Fixed insecure permissions on a directory in /tmp/ that allowed malicious code execution bsc1143436. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory...
SUSE-SU-2020:1582-2 Security update for rubygem-bundler
This update for rubygem-bundler fixes the following issue: - CVE-2019-3881: Fixed insecure permissions on a directory in /tmp/ that allowed malicious code execution bsc1143436...
openSUSE: Security Advisory for rubygem-bundler (openSUSE-SU-2020:0861-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for rubygem-bundler (moderate)
openSUSE Security Update: Security update for rubygem-bundler Announcement ID: openSUSE-SU-2020:0861-1 Rating: moderate References: 1143436 Cross-References: CVE-2019-3881 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for...
OPENSUSE-SU-2020:0861-1 Security update for rubygem-bundler
This update for rubygem-bundler fixes the following issue: - CVE-2019-3881: Fixed insecure permissions on a directory in /tmp/ that allowed malicious code execution bsc1143436. This update was imported from the SUSE:SLE-15:Update update project...
SUSE SLED15 / SLES15 Security Update : rubygem-bundler (SUSE-SU-2020:1582-1)
This update for rubygem-bundler fixes the following issue : CVE-2019-3881: Fixed insecure permissions on a directory in /tmp/ that allowed malicious code execution bsc1143436. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory...
openSUSE: Security Advisory for rubygem-bundler (openSUSE-SU-2020:0803-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...