25 matches found
Fedora 44 : vim (2026-f5d072060b)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f5d072060b advisory. patchlevel 148 ---- Security fixes for CVE-2026-28417, CVE-2026-28418, CVE-2026-28419, CVE-2026-28420, CVE-2026-28421, CVE-2026-28422 --- Security f...
Fedora 43 : vim (2026-7eaf665007)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-7eaf665007 advisory. patchlevel 148 Security fix for CVE-2026-32249 Tenable has extracted the preceding description block directly from the Fedora security advisory. Not...
Fedora 43 : vim (2026-7eda235f65)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-7eda235f65 advisory. patchlevel 2146 Security fix for CVE-2026-25749 Tenable has extracted the preceding description block directly from the Fedora security advisory. No...
Fedora 39 : vim (2024-055adf8e6f)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-055adf8e6f advisory. Security fix for CVE-2024-45306 ---- patchlevel 703 Security fixes for CVE-2024-43374, CVE-2024-43802 Tenable has extracted the preceding descriptio...
Fedora: Security Advisory (FEDORA-2024-bb4b6da0b6)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15 Security Update : buildah (SUSE-SU-2023:4098-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:4098-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL...
SUSE SLES12 Security Update : fwupdate (SUSE-SU-2022:2150-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2150-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. C Tenable, Inc...
OTRS 5.x <= 5.0.31, 6.x <= 6.0.13 Data Loss Vulnerability
OTRS is prone to a data loss vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:otrs:otrs"; if description...
RiverBed Stingray Traffic Manager 9.6 Cross Site Scripting
I. VULNERABILITY ------------------------- XSS Reflected vulnerability in RiverBed Stingray Traffic Manager Virtual Appliance V 9.6 II. BACKGROUND ------------------------- Silver Peak VX software marries the cost and flexibility benefits of virtualization with the performance gains associated wi...
Ruby: Ruby: Heap Overflow in Floating Point Parsing
Any time a string is converted to a floating point value, a specially crafted string can cause a heap overflow. This can lead to a denial of service attack via segmentation faults and possibly arbitrary code execution. Any program that converts input of unknown origin to floating point values...
CVE-2013-2065
CVE-2013-2065 is a taint-check bypass in Ruby's DL and Fiddle native extensions. The initial description notes that Ruby 1.9.x up to 1.9.3 patchlevel 426 and Ruby 2.0 up to patchlevel 195 do not taint-check native functions, allowing context-dependent attackers to bypass safe-level restrictions. ...
Low: ruby19
Issue Overview: (1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions. Affected Packages: ruby19 Issue Correction: Run...
CVE-2013-2065 Ruby: Object taint bypassing in DL and Fiddle
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions...
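Ruby Safe-Level Restriction Bypass Vulnerability (CVE-2012-4466)
CVE ID: CVE-2012-4466 Ruby is a scripting language created for simple, fast object-oriented programming. Ruby versions before 1.8.7 patchlevel 371, before 1.9.3 patchlevel 286, and Ruby 2.0 before revision r37068 contain a security vulnerability that allows attackers to bypass safe-level restrictions and modify untainted strings, for example by marking a string as tainted through the nameerrmesgtostr function. This vulnerability is different from CVE-2011-1005. 0 Ruby 1.8.7 Ruby 1.9.3 Ruby 2.0 Vendor solution: users can contact the vendor to obtain the corresponding upgrade or patch: http://www.ruby-lang....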
CVE-2012-4464
Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE:...
Medium: ruby
Issue Overview: Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different...
Ruby name_err_mesg_to_str Method Safe Level Security Bypass
Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than...
Ruby '#to_s' Security Bypass Vulnerability
This host is installed with Ruby and is prone to security bypass vulnerability. OpenVAS Vulnerability Test $Id: gbrubysecbypassvulnwin.nasl 8196 2017-12-20 12:13:37Z cfischer $ Ruby "tos" Security Bypass Vulnerability Authors: Madhuri D Copyright: Copyright C 2011 Greenbone Networks GmbH,...
SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 6768)
The following bugs have been fixed : An unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out by the database superuser could execute such functions. CVE-2009-4136 Embedded null bytes in the common na...