
7 matches found

RedhatCVE
added 2019/10/08 4:44 a.m., 38 views

CVE-2017-17790

The "lazy_initialize" function in lib/resolv.rb did not properly process certain filenames. A remote attacker could possibly exploit this flaw to inject and execute arbitrary commands...

CVSS 9.8, AI score 3.8, EPSS 0.04656
Exploits: 1, References: 1
Veracode
added 2019/05/16 2:49 a.m., 26 views

Command Injection

Ruby is vulnerable to command injection attacks. This is because the lazy_initialize function in lib/resolv.rb does not properly process certain filenames. A remote attacker could possibly exploit this flaw to inject and execute arbitrary commands...

CVSS 9.8, AI score 9.7, EPSS 0.04656
Exploits: 1, References: 11, Affected Software: 3
Tenable Nessus
added 2019/05/14 12:0 a.m., 37 views

EulerOS Virtualization for ARM 64 3.0.1.0 : ruby (EulerOS-SA-2019-1407)

According to the versions of the ruby packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A...

CVSS 9.8, AI score 8, EPSS 0.88646
Exploits: 14, References: 12
Tenable Nessus
added 2018/03/01 12:0 a.m., 29 views

Scientific Linux Security Update : ruby on SL7.x x86_64 (20180228)

Security Fixes : - It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into...

CVSS 9.8, AI score 7.9, EPSS 0.88646
Exploits: 14, References: 12
Mageia
added 2017/12/31 3:51 p.m., 37 views

Updated ruby packages fix security vulnerabilities

Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default...

CVSS 9.8, AI score 2.9, EPSS 0.88646
Exploits: 6, References: 2
UbuntuCve
added 2017/12/20 12:0 a.m., 32 views

CVE-2017-17790

The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input ma...

CVSS 9.8, AI score 6.8, EPSS 0.04656
Exploits: 1, References: 3
CNVD
added 2017/12/20 12:0 a.m., 2 views

Ruby 'lazy_initialize' function command injection vulnerability

Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Japanese software developer Yukihiro Matsumoto. A command injection vulnerability exists in the 'lazy_initialize' function in the lib/resolv.rb file in Ruby 2.4.3 and earlier versions. An attacker can...

CVSS 9.8, AI score 7.6, EPSS 0.04656
Exploits: 1, References: 1