Lucene search
K

19 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-0325

Malware in sbrugna...

6.5CVSS6.9AI score0.01571EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2022/05/26 12:0 a.m.39 views

Debian DLA-3023-1 : puma - LTS security update

The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3023 advisory. Several security vulnerabilities have been discovered in puma, a web server for Ruby/Rack applications. These flaws may lead to information leakage due to not alwa...

8CVSS6.4AI score0.02487EPSS
Exploits0References10
CBLMariner
CBLMariner
added 2021/06/09 3:50 a.m.34 views

CVE-2020-5247 affecting package ruby 2.6.3-3

CVE-2020-5247 affecting package ruby 2.6.3-3. An upgraded version of the package is available that resolves this issue...

7.5CVSS7AI score0.02487EPSS
Exploits0
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.33 views

SUSE: Security Advisory (SUSE-SU-2020:3147-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.2AI score0.98507EPSS
Exploits40References10
OSV
OSV
added 2020/07/28 3:54 p.m.7 views

SUSE-SU-2020:2060-1 Security update for rubygem-puma

This update for rubygem-puma fixes the following issues: - Add patches for disabling TLSv1.0 and TLSv1.1 jscSLE-6965: - Add CVE-2020-11077.patch bsc1172175, CVE-2020-11077 - Add CVE-2020-11076.patch bsc1172176, CVE-2020-11076 - Add CVE-2020-5247.patch bsc1165402 'Fixes a problem where we were not...

7.5CVSS7.6AI score0.03977EPSS
Exploits0References9
OpenVAS
OpenVAS
added 2020/04/12 12:0 a.m.29 views

Fedora: Security Advisory for rubygem-puma (FEDORA-2020-fd87f90634)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.8AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/04/10 12:0 a.m.46 views

Fedora 31 : rubygem-puma (2020-fd87f90634)

Security fix for CVE-2020-5247, CVE-2020-5249 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C...

7.5CVSS7.2AI score0.02487EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/04/10 12:0 a.m.48 views

Fedora 30 : rubygem-puma (2020-08092b4c97)

Security fix for CVE-2020-5247, CVE-2020-5249 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C...

7.5CVSS7.2AI score0.02487EPSS
Exploits0References3
OSV
OSV
added 2020/03/03 11:33 p.m.34 views

GHSA-33VF-4XGG-9R58 HTTP Response Splitting (Early Hints) in Puma

Impact If an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting...

6.5CVSS6.7AI score0.01571EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2020/03/03 11:33 p.m.145 views

HTTP Response Splitting (Early Hints) in Puma

Impact If an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting...

6.5CVSS6.6AI score0.01571EPSS
Exploits0References10Affected Software1
Veracode
Veracode
added 2020/03/03 5:17 a.m.38 views

HTTP Response Splitting

puma is vulnerable to HTTP response splitting. The attack exist because it does not properly handle the CRLF carriage feed or line return characters injection in early hints response header, allowing an attacker to inject CRLF to end the the HTTP response header and manipulate with malicious...

7.5CVSS1AI score0.02487EPSS
Exploits0References12Affected Software1
RubySec
RubySec
added 2020/03/03 12:0 a.m.43 views

HTTP Response Splitting (Early Hints) in Puma

Impact If an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting...

7.5CVSS6.4AI score0.02487EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/03/02 4:15 p.m.36 views

Cross site scripting

In Puma RubyGem before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is...

4CVSS6.5AI score0.02487EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2020/02/28 5:15 p.m.30 views

CVE-2020-5247

In Puma RubyGem before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters i.e. CR, LF or/r, /n to end the header and inject malicious content, such as additional headers or an entirely new response body. This...

7.5CVSS7.3AI score0.04569EPSS
Exploits0References7
NVD
NVD
added 2020/02/28 5:15 p.m.28 views

CVE-2020-5247

In Puma RubyGem before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters i.e. CR, LF or/r, /n to end the header and inject malicious content, such as additional headers or an entirely new response body. This...

7.5CVSS6.4AI score0.02487EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2020/02/28 5:15 p.m.42 views

CVE-2020-5247

In Puma RubyGem before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters i.e. CR, LF or/r, /n to end the header and inject malicious content, such as additional headers or an entirely new response body. This...

7.5CVSS6.6AI score0.02487EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2020/02/28 4:55 p.m.59 views

CVE-2020-5247

In Puma RubyGem before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters i.e. CR, LF or/r, /n to end the header and inject malicious content, such as additional headers or an entirely new response body. This...

7.5CVSS6.8AI score0.02487EPSS
Exploits0
CVE
CVE
added 2020/02/28 4:55 p.m.306 views

CVE-2020-5247

CVE-2020-5247 is a HTTP Response Splitting vulnerability affecting Puma (RubyGem) in versions prior to 4.3.2 and 3.12.3 when untrusted input reaches response headers. An attacker could inject CR/LF sequences to terminate a header and inject new headers or a response body. The issue is mitigated b...

7.5CVSS6.7AI score0.02487EPSS
Exploits0References7Affected Software2
Tenable Nessus
Tenable Nessus
added 2020/01/18 12:0 a.m.170 views

Photon OS 3.0: Ruby PHSA-2020-3.0-0047

An update of the ruby package has been released. C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-3.0-0047. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid133068;...

8.1CVSS8AI score0.05128EPSS
Exploits1References5
Rows per page
Query Builder