15 matches found
RHEL 7 / 8 : Satellite 6.11.4 Async Security Update (Important) (RHSA-2022:7242)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7242 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessit...
OESA-2024-1399 rubygem-tzinfo security update
TZInfo provides daylight savings aware transformations between times in different time zones. Security Fixes: TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when use...
Satellite 6.13 Release
An update is available for libdb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Rocky Enterprise Software Foundation Satellite is a systems management tool for...
Debian: Security Advisory (DLA-3077-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3077-1] ruby-tzinfo security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3077-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb August 18, 2022 https://wiki.debian.org/LTS -...
Debian DLA-3077-1 : ruby-tzinfo - LTS security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3077 advisory. - TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior ...
SUSE-SU-2022:2765-1 Security update for rubygem-tzinfo
This update for rubygem-tzinfo fixes the following issues: - CVE-2022-31163: Fixed relative path traversal vulnerability that allows TZInfo::Timezone.get to load arbitrary files bsc1201835...
openSUSE: Security Advisory for rubygem-tzinfo (SUSE-SU-2022:2592-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE SLES15 Security Update : rubygem-tzinfo (SUSE-SU-2022:2592-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:2592-1 advisory. - TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to...
CVE-2022-31163
A flaw was found in rubygem-tzinfo. When using the Timezone.get function, it fails to validate time zone identifiers correctly, allowing a new line character input within the identifier. This flaw allows an attacker to use the new line character and write any code, which will be executed within t...
CVE-2022-31163
TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...
CVE-2022-31163
TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...
CVE-2022-31163 TZInfo relative path traversal vulnerability allows loading of arbitrary files
TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...
CVE-2022-31163
TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...
CVE-2022-31163
CVE-2022-31163 affects the TZInfo Ruby library. The vulnerability arises when TZInfo::Timezone.get validates time zone identifiers, allowing a newline in the identifier to cause relative path traversal and, with Ruby 1.9.3+, loading unintended files via require. Affected versions are TZInfo prior...