193 matches found

Oracle linux
added 2025/04/22 12:0 a.m. | 29 views

ruby:3.1 security update

ruby 3.1.7-145 - Upgrade to Ruby 3.1.7. Resolves: RHEL-55408 - Fix DoS vulnerability in REXML. CVE-2024-39908 Resolves: RHEL-57051 - Fix DoS vulnerability in REXML. CVE-2024-43398 Resolves: RHEL-56002 3.1.5-144 - Fix REXML ReDoS vulnerability. CVE-2024-49761 Resolves: RHEL-68520 3.1.5-143 - Upgra...

CVSS 7.5 | AI score 8.5 | EPSS 0.87662
Exploits: 45

OSV
added 2025/01/27 7:20 a.m. | 10 views

BIT-RUBY-MIN-2021-31810

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise...

CVSS 5.8 | AI score 6.3 | EPSS 0.00632
Exploits: 1 | References: 9

Redos
added 2024/07/24 12:0 a.m. | 20 views

ROS-20240723-03

Vulnerability of Ruby interpreter's Net::FTP class implementation is related to flaws in service data protection using the PASV command. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information. remotely, to gain unauthorized...

CVSS 7.4 | AI score 7.2 | EPSS 0.00632
Exploits: 2

Tenable Nessus
added 2024/06/03 12:0 a.m. | 14 views

RHEL 6 : ruby (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ruby: Command injection vulnerability in Net::FTP CVE-2017-17405 - ruby: OpenSSL::X509::Name equality che...

CVSS 9.8 | AI score 8.4 | EPSS 0.88646
Exploits: 10 | References: 18

Tenable Nessus
added 2024/05/23 12:0 a.m. | 29 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : perl (SUSE-SU-2024:1762-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1762-1 advisory. Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pppack.c bsc1082216 -...

CVSS 9.8 | AI score 8.5 | EPSS 0.03896
Exploits: 0 | References: 8

OSV
added 2024/05/22 2:14 p.m. | 5 views

SUSE-SU-2024:1762-1 Security update for perl

This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pppack.c bsc1082216 - CVE-2018-6798: Fixed heap buffer overflow in regexec.c bsc1082233 Non-security issue fixed: - make Net::FTP work with TLS 1.3 bsc1213638...

CVSS 9.8 | AI score 9.8 | EPSS 0.03896
Exploits: 0 | References: 6

OSV
added 2024/05/22 2:14 p.m. | 7 views

SUSE-SU-2024:1762-2 Security update for perl

This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pppack.c bsc1082216 - CVE-2018-6798: Fixed heap buffer overflow in regexec.c bsc1082233 Non-security issue fixed: - make Net::FTP work with TLS 1.3 bsc1213638...

CVSS 9.8 | AI score 9.8 | EPSS 0.03896
Exploits: 0 | References: 6

Amazon
added 2024/04/30 12:0 a.m. | 53 views

Medium: ruby

Issue Overview: An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that ar...

CVSS 5.8 | AI score 7 | EPSS 0.00632
Exploits: 1

Amazon
added 2024/04/30 12:0 a.m. | 3 views

Medium: ruby

Issue Overview: An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that ar...

CVSS 5.8 | AI score 6.8 | EPSS 0.00632
Exploits: 1

Tenable Nessus
added 2024/04/27 12:0 a.m. | 33 views

RHEL 6 / 7 : rh-ruby24-ruby (RHSA-2018:0584)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0584 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

CVSS 9.8 | AI score 7.7 | EPSS 0.88646
Exploits: 6 | References: 7

OSV
added 2024/03/06 11:5 a.m. | 30 views

BIT-RUBY-2021-31810

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise...

CVSS 5.8 | AI score 6.5 | EPSS 0.00632
Exploits: 1 | References: 9

Tenable Nessus
added 2024/02/29 12:0 a.m. | 96 views

CentOS 9 : ruby-3.0.2-155.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ruby-3.0.2-155.el9 build changelog. - Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, whic...

CVSS 9.3 | AI score 7.6 | EPSS 0.25071
Exploits: 3 | References: 5

0day.today
added 2024/01/16 12:0 a.m. | 354 views

LightFTP 1.1 Denial Of Service Exploit

!/usr/bin/perl use Net::FTP; Exploit Title: LightFTP 1.1 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 15 january 2024 Vendor Homepage: N/A Notification vendor: No reported Tested Version: LightFTP 1.1 Tested on: Window XP Professional - Service Pack 2 and 3 - English...

AI score 7.4
Exploits: 0

Packet Storm
added 2024/01/08 12:0 a.m. | 278 views

Femitter FTP Server 1.03 Denial Of Service

!/usr/bin/perl use Net::FTP; Exploit Title: Femitter FTP Server 1.03 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 08 january 2024 Vendor Homepage: https://acritum.com/ Download to demo: https://drive.google.com/file/d/1GBFmc7tMavA9mMoZPYVlUVUe62dGjBhF/view?usp=sharing...

AI score 7.4
Exploits: 0

0day.today
added 2024/01/08 12:0 a.m. | 237 views

Femitter FTP Server 1.03 Denial Of Service Exploit

!/usr/bin/perl use Net::FTP; Exploit Title: Femitter FTP Server 1.03 - Denial of Service DoS Discovery by: Fernando Mengali Vendor Homepage: https://acritum.com/ Download to demo: https://drive.google.com/file/d/1GBFmc7tMavA9mMoZPYVlUVUe62dGjBhF/view?usp=sharing Notification vendor: No reported...

AI score 7.4
Exploits: 0

Packet Storm
added 2024/01/05 12:0 a.m. | 482 views

Easy Chat Server 3.1 Denial Of Service

!/usr/bin/perl use Net::FTP; Exploit Title: Easy Chat Server 3.1 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 05 january 2024 Vendor Homepage: N/A Download to demo: https://drive.google.com/file/d/1ZbfeaWSEKlpvCG1eUtD0vNnfkNz8PlE/view Notification vendor: No reported...

AI score 7.4
Exploits: 0

Packet Storm
added 2024/01/04 12:0 a.m. | 333 views

Easy File Sharing FTP Server 2.0 Denial Of Service

!/usr/bin/perl use Net::FTP; Exploit Title: Easy File Sharing FTP Server 2.0 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 04 january 2024 Download to demo: https://drive.google.com/drive/folders/1XISgBk4Zql8NzkWsrzAPOUEqbjJP4hZQ?usp=sharing Notification vendor: No report...

AI score 7.4
Exploits: 0

Packet Storm
added 2024/01/02 12:0 a.m. | 411 views

FTPDMIN 0.96 Denial Of Service

!/usr/bin/perl use Net::FTP; Exploit Title: FTPDMIN 0.96 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 2024-01-01 Vendor Homepage: https://www.sentex.ca/mwandel/ftpdmin/ Download to demo: https://drive.google.com/file/d/1CpfvaJbJVxR3HPWvcxIVipTaTj7RAaLd/view?usp=sharing...

AI score 7.4
Exploits: 0

Tenable Nessus
added 2023/11/06 12:0 a.m. | 34 views

Rocky Linux 8 : ruby:2.5 (RLSA-2022:0672)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0672 advisory. - In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename...

CVSS 7.4 | AI score 7.6 | EPSS 0.00632
Exploits: 2 | References: 7

OpenVAS
added 2023/07/10 12:0 a.m. | 15 views

Fedora: Security Advisory for perl-CPAN (FEDORA-2023-46924e402a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.1 | AI score 8.1 | EPSS 0.01523
Exploits: 1 | References: 2