526 matches found
The vulnerability of the Gem::UserInteraction module in the RubyGems package management system allows a hacker to compromise data integrity.
The vulnerability of the Gem::UserInteraction module in the RubyGems package management system is related to insufficient protection. Exploiting this vulnerability could allow a malicious actor to compromise data integrity by using a specially crafted escape sequence...
DEBIAN-CVE-2020-9366
A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2019-1932)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2012-2142
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator...
Code injection
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator...
CVE-2012-2142
CVE-2012-2142 affects Poppler up to version 0.21.4, where the error function in Error.cc can be abused by a crafted PDF containing an escape sequence for a terminal emulator to execute arbitrary commands. The vulnerability arises from improper handling of escape sequences in PDFs, enabling potent...
CVE-2012-2142
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator...
CVE-2009-5047
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-4611. Reason: This candidate is a duplicate of CVE-2009-4611. Notes: All CVE users should reference CVE-2009-4611 rather than this candidate. All references and descriptions in this candidate have been removed to prevent...
PT-2019-6517 · Eclipse · Jetty
Name of the Vulnerable Software and Affected Versions: Jetty versions 6.x through 6.1.21 Description: The issue concerns an escape sequence injection vulnerability that can be exploited through two vectors: the "Cookie Dump Servlet" and the HTTP Content-Length header. Specifically, a POST request...
rubygems: Escape sequence injection vulnerability in errors
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManagerrun calls alerterror without escaping, escape sequence injection is possible. There are many ways to cause an error...
rubygems: Escape sequence injection vulnerability in gem owner
An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur...
rubygems: Escape sequence injection vulnerability in API response handling
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilitieswithresponse may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur...
CVE-2019-15846
An out-of-bounds write flaw was found in exim. The function fails to correctly handle situations when a backslash is the last character of the input string and incorrectly sets the pointer that is supposed to point to the last character of the escape sequence upon function exit. That leads to...
Amazon Linux AMI : ruby20 / ruby21, ruby24 (ALAS-2019-1255)
An issue was discovered in RubyGems. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.CVE-2019-8322 An issue was discovered in RubyGems. Gem::GemcutterUtilitieswithresponse may output the...
ruby security update
2.0.0.648-36 - Introduce 'Gem::UserInteractionverbose' method as precondition to fix CVE-2019-8321. rubygems-2.3.0-refactor-checking-reallyverbose.patch - Fix escape sequence injection vulnerability in verbose. - Fix escape sequence injection vulnerability in gem owner. Resolves: CVE-2019-8322 -...
NewStart CGSL CORE 5.05 / MAIN 5.05 : ruby Multiple Vulnerabilities (NS-SA-2019-0084)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has ruby packages installed that are affected by multiple vulnerabilities: - An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout...
Important: ruby20, ruby21, ruby24
Issue Overview: An issue was discovered in RubyGems. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.CVE-2019-8322 An issue was discovered in RubyGems. Gem::GemcutterUtilitieswithresponse...
Amazon Linux 2 : ruby (ALAS-2019-1249)
An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur. CVE-2019-8322 An issue was discovered in RubyGems 2.6 and later through...
EulerOS 2.0 SP2 : ruby (EulerOS-SA-2019-1718)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - rubygems: Installing a malicious gem may lead to arbitrary code execution CVE-2019-8324 - rubygems: Escape sequence injection vulnerability in gem...
OPENSUSE-SU-2019:1771-1 Security update for ruby-bundled-gems-rpmhelper, ruby2.5
This update for ruby2.5 and ruby-bundled-gems-rpmhelper fixes the following issues: Changes in ruby2.5: Update to 2.5.5 and 2.5.4: https://www.ruby-lang.org/en/news/2019/03/15/ruby-2-5-5-released/ https://www.ruby-lang.org/en/news/2019/03/13/ruby-2-5-4-released/ Security issues fixed: -...