4 matches found
Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : ruby1.8 vulnerabilities (USN-1377-1)
Drew Yao discovered that the WEBrick HTTP server was vulnerable to cross-site scripting attacks when displaying error pages. A remote attacker could use this flaw to run arbitrary web script. (CVE-2010-0541) Drew Yao discovered that Ruby's BigDecimal module did not properly allocate memory on 64-bi...
Mandriva Linux Security Advisory : ruby (MDVSA-2011:097)
Multiple vulnerabilities have been identified and fixed in ruby: Cross-site scripting (XSS) vulnerability in the WEBrick HTTP server in Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted URI that triggers a UTF-7 error page (CVE-2010-0541). The...
Ruby 'FileUtils.remove_entry_secure()' Method Race Condition Vulnerability
This host is installed with Ruby and is prone to a race condition vulnerability. OpenVAS Vulnerability Test $Id: gbrubyracecondvulnwin.nasl 8196 2017-12-20 12:13:37Z cfischer $ Ruby 'FileUtils.remove_entry_secure()' Method Race Condition Vulnerability Authors: Madhuri D Copyright: Copyright (C) 2011...
CVE-2011-1004
The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink attack...