12 matches found
EUVD-2022-4435
Malicious code in bioql PyPI...
RHEL 6 : rubygem-bundler (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - rubygem-bundler: Code execution via gem name collision in bundler CVE-2016-7954 Note that Nessus has not tested for...
SUSE CVE-2016-7954
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334...
CVE-2016-7954
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334...
Design/Logic Flaw
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334...
CVE-2016-7954
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334...
CVE-2016-7954
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334...
CVE-2016-7954
CVE-2016-7954 affects Bundler 1.x, where a gem name collision on a secondary source can enable remote code execution in a Ruby application. The issue arises from multiple top-level source lines allowing a malicious gem with the same name as a legitimate gem to be pulled from a different source, a...
CVE-2016-7954
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334...
CVE-2016-7954
Removed by vendor...
Bundler Code Execution Vulnerability
Bundler is a system developed in C and C++ called sfm structure-from-motion, which is capable of reconstructing 3D models from unordered collections of images e.g., from the Web. There is a security vulnerability in Bundler that allows an attacker to execute arbitrary code on an application by...
CVE-2016-7954
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334...