Lucene search
K

209 matches found

Tenable Nessus
Tenable Nessus
added 2021/03/23 12:0 a.m.71 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Ruby vulnerabilities (USN-4882-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4882-1 advisory. It was discovered that the Ruby JSON gem incorrectly handled certain JSON files. If a user or automated system were tricked into...

7.5CVSS7.9AI score0.06811EPSS
Exploits1References4
Prion
Prion
added 2021/03/08 5:15 p.m.19 views

Design/Logic Flaw

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 non-authenticated user can remotely instantiate object of any class existing in the GLPI environment that can be used to...

5CVSS7.3AI score0.02252EPSS
Exploits4References3Affected Software1
RedHat Linux
RedHat Linux
added 2021/01/18 4:22 p.m.6 views

postgresql: Multiple features escape "security restricted operation" sandbox

A flaw was found in postgresql. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

8.8CVSS7.4AI score0.4644EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2021/01/18 10:2 a.m.38 views

postgresql: Multiple features escape "security restricted operation" sandbox

A flaw was found in postgresql. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

8.8CVSS7.4AI score0.4644EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2020/12/22 9:27 a.m.9 views

postgresql: Multiple features escape "security restricted operation" sandbox

A flaw was found in postgresql. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

8.8CVSS7.4AI score0.4644EPSS
Exploits0References6
OSV
OSV
added 2020/11/16 1:15 a.m.3 views

DEBIAN-CVE-2020-25695

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest...

8.8CVSS8.1AI score0.4644EPSS
Exploits0References1
OSV
OSV
added 2020/11/13 12:0 a.m.6 views

UBUNTU-CVE-2020-25695

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest...

8.8CVSS6.9AI score0.4644EPSS
Exploits0References4
OSV
OSV
added 2020/10/16 11:15 p.m.3 views

CVE-2020-16935

An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An...

7.8CVSS7.3AI score0.01003EPSS
Exploits0References1
CVE
CVE
added 2020/10/16 10:17 p.m.265 views

CVE-2020-16916

CVE-2020-16916 is a Windows elevation-of-privilege flaw in the COM server object creation path. The root cause is Windows handling of COM object creation, allowing an attacker who can log on to run a specially crafted application that exploits the vulnerability to gain elevated code execution. Mi...

7.8CVSS8.2AI score0.00976EPSS
In wildExploits0References1Affected Software8
ATTACKERKB
ATTACKERKB
added 2020/10/16 12:0 a.m.68 views

CVE-2020-16916

An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An...

7.8CVSS7.8AI score0.00976EPSS
In wildExploits0References2
CNVD
CNVD
added 2020/10/16 12:0 a.m.10 views

Microsoft Windows and Windows Server Elevation of Privilege Vulnerability (CNVD-2021-11039)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows and Windows Server,...

7.8CVSS9AI score0.01003EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2020/10/14 12:0 a.m.35 views

Microsoft Windows Multiple Vulnerabilities (KB4580327)

This host is missing a critical security update according to Microsoft KB4580327 SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS7.2AI score0.94243EPSS
Exploits10References3
Tenable Nessus
Tenable Nessus
added 2020/09/28 12:0 a.m.106 views

EulerOS 2.0 SP3 : ruby (EulerOS-SA-2020-2139)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause...

8.1CVSS7.4AI score0.06811EPSS
Exploits1References6
Amazon
Amazon
added 2020/08/31 12:0 a.m.89 views

Medium: ruby19, ruby21

Issue Overview: The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, u...

7.5CVSS7.1AI score0.13911EPSS
Exploits0
Amazon
Amazon
added 2020/08/31 12:0 a.m.89 views

Medium: rubygem-json

Issue Overview: The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, u...

7.5CVSS7.1AI score0.13911EPSS
Exploits0
Amazon
Amazon
added 2020/08/31 12:0 a.m.100 views

Important: ruby24

Issue Overview: Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to...

8.1CVSS7.3AI score0.29726EPSS
Exploits7
Tenable Nessus
Tenable Nessus
added 2020/08/31 12:0 a.m.47 views

Amazon Linux AMI : rubygem-json (ALAS-2020-1423)

It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1423 advisory. The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar toCVE-2013-0269, but doe...

7.5CVSS7.2AI score0.06811EPSS
Exploits0References3
OSV
OSV
added 2020/08/20 8:15 a.m.9 views

CVE-2020-10289

Use of unsafe yaml load. Allows instantiation of arbitrary objects. The flaw itself is caused by an unsafe parsing of YAML values which happens whenever an action message is processed to be sent, and allows for the creation of Python objects. Through this flaw in the ROS core package of actionlib...

8.8CVSS8.9AI score
Exploits0References2
OSV
OSV
added 2020/07/27 6:8 p.m.57 views

GHSA-JPHG-QWRW-7W9G Unsafe object creation in json RubyGem

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269/GHSA-x457-cw4h-hq5f, but does not rely on poor garbage-collection behavior within Ruby. Specificall...

7.5CVSS6.8AI score0.06811EPSS
Exploits0References23
Github Security Blog
Github Security Blog
added 2020/07/27 6:8 p.m.86 views

Unsafe object creation in json RubyGem

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269/GHSA-x457-cw4h-hq5f, but does not rely on poor garbage-collection behavior within Ruby. Specificall...

7.5CVSS2.3AI score0.06811EPSS
Exploits0References23Affected Software1
Rows per page
Query Builder