Lucene search
K

6 matches found

Mageia
Mageia
added 2015/09/08 5:55 p.m.41 views

Updated ruby-RubyGems packages fix security vulnerabilities

Updated ruby-RubyGems package fixes security vulnerability: RubyGems does not validate the hostname when fetching gems or making API request, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack" CVE-2015-3900...

5CVSS8.2AI score0.08934EPSS
Exploits0References2
Cvelist
Cvelist
added 2015/08/25 5:0 p.m.33 views

CVE-2015-4020

RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original...

6.4AI score0.03461EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2015/08/25 5:0 p.m.47 views

CVE-2015-4020

RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original...

4.3CVSS8.2AI score0.03461EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2015/08/24 2:16 p.m.43 views

Important: Red Hat Security Advisory: rh-ruby22-ruby security update

Updated rh-ruby22-ruby packages that fix one security issue are now available for Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

5CVSS6.7AI score0.08934EPSS
Exploits0References2
RubySec
RubySec
added 2015/05/14 12:0 a.m.31 views

CVE-2015-3900 rubygems: DNS hijacking vulnerability in api_endpoint()

RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack." A flaw was found in a...

5CVSS7.9AI score0.08934EPSS
Exploits0References1Affected Software1
Microsoft KB
Microsoft KB
added 1970/01/01 12:0 a.m.24 views

Security update 1970-01-01

...

5.3AI score
Exploits0
Rows per page
Query Builder