Lucene search
K

65 matches found

0day.today
0day.today
added 2018/07/03 12:0 a.m.118 views

extjs getTip() Cross Site Scripting Vulnerability

Exploit for jsp platform in category web applications A XSS vulnerability exists in the getTip method of Action Columns. The Ext JS framework brings no built-in XSS protection, meaning that developers are responsible for sanitizing their output. However. the method above takes HTML-escaped data a...

6.4AI score0.67014EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2018/03/26 9:39 a.m.6 views

ruby: dlopen could open a library with tainted library name

The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of...

8.4CVSS7.5AI score0.005EPSS
Exploits0References3
seebug.org
seebug.org
added 2017/10/20 12:0 a.m.71 views

Ruby Fiddle::Function.new Heap Overflow Vulnerability(CVE-2016-2339)

DESCRIPTION An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "argtypes" allocation is made based on args array length. Specially constructed object passed as element of args...

7.5CVSS9.4AI score0.05187EPSS
Exploits2
Mageia
Mageia
added 2017/08/20 9:10 a.m.56 views

Updated ruby packages fix security vulnerabilities

It was discovered that Ruby Net::SMTP incorrectly handled CRLF sequences. A remote attacker could possibly use this issue to inject SMTP commands. CVE-2015-9096 Marcin Noga discovered that Ruby incorrectly handled certain arguments in a TclTkIp class method. An attacker could possibly use this...

9.8CVSS8.6AI score0.06204EPSS
Exploits5References2
Tenable Nessus
Tenable Nessus
added 2017/07/26 12:0 a.m.45 views

Ubuntu 14.04 LTS / 16.04 LTS : Ruby vulnerabilities (USN-3365-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3365-1 advisory. It was discovered that Ruby DL::dlopen incorrectly handled opening libraries. An attacker could possibly use this issue to open libraries wit...

9.8CVSS7.6AI score0.07766EPSS
Exploits6References8
OSV
OSV
added 2017/07/25 5:52 p.m.4 views

USN-3365-1 ruby1.9.1, ruby2.0, ruby2.3 vulnerabilities

It was discovered that Ruby DL::dlopen incorrectly handled opening libraries. An attacker could possibly use this issue to open libraries with tainted names. This issue only applied to Ubuntu 14.04 LTS. CVE-2009-5147 Tony Arcieri, Jeffrey Walton, and Steffan Ullrich discovered that the Ruby OpenS...

9.8CVSS6.9AI score0.07766EPSS
Exploits6References8
Ubuntu
Ubuntu
added 2017/07/25 5:52 p.m.90 views

USN-3365-1: Ruby vulnerabilities

It was discovered that Ruby DL::dlopen incorrectly handled opening libraries. An attacker could possibly use this issue to open libraries with tainted names. This issue only applied to Ubuntu 14.04 LTS. CVE-2009-5147 Tony Arcieri, Jeffrey Walton, and Steffan Ullrich discovered that the Ruby OpenS...

9.8CVSS7.5AI score0.07766EPSS
Exploits6
BDU FSTEC
BDU FSTEC
added 2017/07/14 12:0 a.m.9 views

The vulnerability of the Fiddle::Function.new “initialize” method in the Ruby interpreter allows a hacker to cause a service failure.

The vulnerability of the Fiddle::Function.new “initialize” method in the Ruby interpreter arises from the execution of an operation outside the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures or overflow the buffer due to changes in...

7.5CVSS8.1AI score0.05187EPSS
Exploits2References2Affected Software1
OPENSUSE Linux
OPENSUSE Linux
added 2017/04/28 6:11 p.m.44 views

Security update for ruby2.1 (important)

This ruby2.1 update to version 2.1.9 fixes the following issues: Security issues fixed: - CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new"initialize" bsc1018808 - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL bsc959495 - CVE-2015-3900: hostname validation does...

7.5CVSS1.4AI score0.08934EPSS
Exploits2References8
Tenable Nessus
Tenable Nessus
added 2017/04/07 12:0 a.m.54 views

SUSE SLES11 Security Update : ruby (SUSE-SU-2017:0948-1)

This update for ruby fixes the following issues: Secuirty issues fixed : - CVE-2015-1855: Ruby OpenSSL Hostname Verification bsc926974 - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL bsc959495 Bugfixes : - fix small mistake in the backport for bsc986630 Note that Tenable Network...

8.4CVSS7AI score0.02815EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2017/03/29 12:0 a.m.40 views

CVE-2009-5147

DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names...

7.5CVSS6.8AI score0.07766EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2017/01/12 2:50 p.m.34 views

CVE-2016-2339

An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "argtypes" allocation is made based on args array length. Specially constructed object passed as element of args array can...

9.8CVSS2.2AI score0.05187EPSS
Exploits2References1
Snyk
Snyk
added 2017/01/06 9:59 p.m.4 views

Out-of-Bounds

Overview Affected versions of this package are vulnerable to Out-of-Bounds. An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "argtypes" allocation is made based on args array...

9.8CVSS7.4AI score0.05187EPSS
Exploits2References2
Prion
Prion
added 2017/01/06 9:59 p.m.20 views

Heap overflow

An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "argtypes" allocation is made based on args array length. Specially constructed object passed as element of args array can...

7.5CVSS7.3AI score0.05187EPSS
Exploits2References3Affected Software1
NVD
NVD
added 2017/01/06 9:59 p.m.19 views

CVE-2016-2339

An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "argtypes" allocation is made based on args array length. Specially constructed object passed as element of args array can...

9.8CVSS9.2AI score0.05187EPSS
Exploits2References3
OSV
OSV
added 2017/01/06 9:59 p.m.24 views

CVE-2016-2339

An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "argtypes" allocation is made based on args array length. Specially constructed object passed as element of args array can...

9.8CVSS7.1AI score
Exploits0References3
Cvelist
Cvelist
added 2017/01/06 9:0 p.m.38 views

CVE-2016-2339

An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "argtypes" allocation is made based on args array length. Specially constructed object passed as element of args array can...

7.7AI score0.05187EPSS
Exploits2References3
CVE
CVE
added 2017/01/06 9:0 p.m.145 views

CVE-2016-2339

CVE-2016-2339 involves an exploitable heap overflow in Ruby’s Fiddle::Function.new initialize. The heap buffer arg_types allocation is sized based on the length of the args array; a specially crafted object inside the args array can increase the array size after allocation, causing a heap overflo...

9.8CVSS7.5AI score0.05187EPSS
Exploits2References3Affected Software1
Debian CVE
Debian CVE
added 2017/01/06 9:0 p.m.54 views

CVE-2016-2339

Removed by vendor...

9.8CVSS8.8AI score0.05187EPSS
Exploits2
OSV
OSV
added 2017/01/06 12:0 a.m.5 views

UBUNTU-CVE-2016-2339

An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "argtypes" allocation is made based on args array length. Specially constructed object passed as element of args array can...

9.8CVSS7.6AI score0.05187EPSS
Exploits2References4
Rows per page
Query Builder