
36 matches found

UbuntuCve
added 2019/07/12 3:15 a.m. | 20 views

CVE-2019-13574

In lib/minimagick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command...

7.8 CVSS | 7.3 AI score | 0.07639 EPSS
Exploits: 1 | References: 5

OSV
added 2019/07/12 3:15 a.m. | 1 views

UBUNTU-CVE-2019-13574

In lib/minimagick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command...

7.8 CVSS | 7.3 AI score | 0.07639 EPSS
Exploits: 1 | References: 6

Tenable Nessus
added 2018/01/29 12:00 a.m. | 31 views

EulerOS 2.0 SP1 : ruby (EulerOS-SA-2018-1029)

According to the version of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a...

9.8 CVSS | 7.2 AI score | 0.73927 EPSS
Exploits: 6 | References: 2

Mageia
added 2017/12/31 3:51 p.m. | 44 views

Updated ruby packages fix security vulnerabilities

Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default...

9.8 CVSS | 2.9 AI score | 0.73927 EPSS
Exploits: 6 | References: 2

ATTACKERKB
added 2017/12/20 9:29 a.m. | 2 views

CVE-2017-17790

The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input ma...

9.8 CVSS | 7.2 AI score | 0.73927 EPSS
Exploits: 6 | References: 10

Cvelist
added 2017/12/20 9:00 a.m. | 32 views

CVE-2017-17790

The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input ma...

7.8 AI score | 0.05913 EPSS
Exploits: 1 | References: 9

CVE
added 2017/12/20 9:00 a.m. | 181 views

CVE-2017-17790

CVE-2017-17790 affects Ruby up to 2.4.3 and is caused by the lazy_initialize function in lib/resolv.rb calling Kernel#open, which may allow command injection. The vulnerability can be triggered by a Resolv::Hosts::new argument that begins with a leading '|' character. The description notes this i...

9.8 CVSS | 8.8 AI score | 0.05913 EPSS
Exploits: 1 | References: 9 | Affected Software: 1

OSV
added 2017/12/20 12:00 a.m. | 2 views

UBUNTU-CVE-2017-17790

The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input ma...

9.8 CVSS | 6.7 AI score | 0.05913 EPSS
Exploits: 1 | References: 4

UbuntuCve
added 2017/12/20 12:00 a.m. | 34 views

CVE-2017-17790

The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input ma...

9.8 CVSS | 6.8 AI score | 0.05913 EPSS
Exploits: 1 | References: 3

Prion
added 2017/12/15 9:29 a.m. | 65 views

Command injection

Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default...

9.3 CVSS | 9.1 AI score | 0.73927 EPSS
Exploits: 5 | References: 14 | Affected Software: 8

OSV
added 2017/12/15 9:29 a.m. | 34 views

CVE-2017-17405

Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default...

8.8 CVSS | 9.4 AI score | 0.73927 EPSS
Exploits: 5 | References: 14

AlpineLinux
added 2017/12/15 9:00 a.m. | 44 views

CVE-2017-17405

Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default...

9.3 CVSS | 7.9 AI score | 0.73927 EPSS
Exploits: 5

Cvelist
added 2017/12/15 9:00 a.m. | 26 views

CVE-2017-17405

Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default...

7.6 AI score | 0.73927 EPSS
Exploits: 5 | References: 14

OSV
added 2017/12/15 12:00 a.m. | 4 views

UBUNTU-CVE-2017-17405

Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default...

8.8 CVSS | 7.1 AI score | 0.73927 EPSS
Exploits: 5 | References: 6

RubySec
added 2017/12/14 12:00 a.m. | 47 views

Command injection vulnerability in Net::FTP

There is a command injection vulnerability in Net::FTP bundled with Ruby. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the pipe character "|", the command following the pipe character is...

9.3 CVSS | 7.1 AI score | 0.73927 EPSS
Exploits: 5 | References: 1 | Affected Software: 1

FreeBSD
added 2017/12/14 12:00 a.m. | 31 views

ruby -- Command injection vulnerability in Net::FTP

Etienne Stalmans from the Heroku product security team reports: There is a command injection vulnerability in Net::FTP bundled with Ruby. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the pip...

9.3 CVSS | 9.4 AI score | 0.73927 EPSS
Exploits: 5 | References: 1