EUVD-2022-4435

Malicious code in bioql PyPI...

Malicious code in a15z8my-name (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

RHEL 6 : rubygem-bundler (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - rubygem-bundler: Code execution via gem name collision in bundler CVE-2016-7954 Note that Nessus has not tested for...

SUSE CVE-2013-0334

Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source...

SUSE CVE-2016-7954

Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334...

The vulnerability of the Gem Name Handler component in the Bundler’s dependency management tool for Ruby applications relates to a lack of mechanisms for managing code generation. This vulnerability allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the Gem Name Handler component in the Bundler dependency management tool for Ruby applications relates to improper handling of gems with identical names. Exploiting this vulnerability can allow an attacker to gain access to sensitive data, compromise its integrity, and cause...

rubygems: Installing a malicious gem may lead to arbitrary code execution

A flaw was found in RubyGems. A crafted gem with a multi-line name is not handled correctly allowing an attacker to inject arbitrary code to the stub line of gemspec. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVE-2019-8324

An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensureloadablespec during the preinstall check...

rubygems: Installing a malicious gem may lead to arbitrary code execution

A flaw was found in RubyGems. A crafted gem with a multi-line name is not handled correctly allowing an attacker to inject arbitrary code to the stub line of gemspec. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

rubygems: Arbitrary file overwrite due to incorrect validation of specification name

It was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory...

rubygems: Arbitrary file overwrite due to incorrect validation of specification name

It was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory...

rubygems: Arbitrary file overwrite due to incorrect validation of specification name

It was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory...

CVE-2016-7954

Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334...

Design/Logic Flaw

Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334...

CVE-2016-7954

Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334...

CVE-2016-7954

Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334...

CVE-2016-7954

CVE-2016-7954 affects Bundler 1.x, where a gem name collision on a secondary source can enable remote code execution in a Ruby application. The issue arises from multiple top-level source lines allowing a malicious gem with the same name as a legitimate gem to be pulled from a different source, a...

CVE-2016-7954

Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334...

CVE-2016-7954

Removed by vendor...

Bundler Code Execution Vulnerability

Bundler is a system developed in C and C++ called sfm structure-from-motion, which is capable of reconstructing 3D models from unordered collections of images e.g., from the Web. There is a security vulnerability in Bundler that allows an attacker to execute arbitrary code on an application by...