Lucene search
K

215 matches found

Tenable Nessus
Tenable Nessus
added 2024/06/22 12:0 a.m.29 views

GLSA-202406-03 : RDoc: Remote Code Execution

The remote host is affected by the vulnerability described in GLSA-202406-03 RDoc: Remote Code Execution A vulnerability has been discovered in RDoc. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from the Gentoo Linux...

4.5CVSS6.9AI score0.01571EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2024/06/17 2:24 p.m.38 views

USN-6838-1: Ruby vulnerabilities

It was discovered that Ruby RDoc incorrectly parsed certain YAML files. If a user or automated system were tricked into parsing a specially crafted .rdocoptions file, a remote attacker could possibly use this issue to execute arbitrary code. CVE-2024-27281 It was discovered that the Ruby regex...

6.6CVSS7.3AI score0.01571EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/06/14 12:0 a.m.29 views

Rocky Linux 9 : ruby:3.3 (RLSA-2024:3671)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3671 advisory. ruby: Buffer overread vulnerability in StringIO CVE-2024-27280 ruby: RCE vulnerability with .rdocoptions in RDoc CVE-2024-27281 ruby: Arbitrary memory...

9.8CVSS7AI score0.02364EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2024/06/11 7:56 p.m.8 views

ruby: RCE vulnerability with .rdoc_options in RDoc

A flaw was found in Rubygem RDoc. When parsing .rdocoptions used for configuration in RDoc as a YAML file there are no restrictions on the classes that can be restored. This issue may lead to object injection, resulting in remote code execution...

4.5CVSS7.6AI score0.01571EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/06/11 12:0 a.m.22 views

Oracle Linux 8 : ruby:3.3 (ELSA-2024-3670)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3670 advisory. - Fix buffer overread vulnerability in StringIO. CVE-2024-27280 Resolves: RHEL-37448 - Fix RCE vulnerability with .rdocoptions in RDoc. CVE-2024-27281...

9.8CVSS7.3AI score0.02364EPSS
Exploits0References4
Oracle linux
Oracle linux
added 2024/06/07 12:0 a.m.46 views

ruby:3.3 security, bug fix, and enhancement update

ruby 3.3.1-2 - Upgrade to Ruby 3.3.1. Resolves: RHEL-37446 - Fix buffer overread vulnerability in StringIO. CVE-2024-27280 Resolves: RHEL-37448 - Fix RCE vulnerability with .rdocoptions in RDoc. CVE-2024-27281 Resolves: RHEL-37449 - Fix Arbitrary memory address read vulnerability with Regex searc...

9.8CVSS7.5AI score0.02364EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/06/06 2:3 p.m.3 views

ruby: RCE vulnerability with .rdoc_options in RDoc

A flaw was found in Rubygem RDoc. When parsing .rdocoptions used for configuration in RDoc as a YAML file there are no restrictions on the classes that can be restored. This issue may lead to object injection, resulting in remote code execution...

4.5CVSS7.6AI score0.01571EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/06/06 9:32 a.m.12 views

ruby: RCE vulnerability with .rdoc_options in RDoc

A flaw was found in Rubygem RDoc. When parsing .rdocoptions used for configuration in RDoc as a YAML file there are no restrictions on the classes that can be restored. This issue may lead to object injection, resulting in remote code execution...

4.5CVSS7.6AI score0.01571EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/06/06 9:5 a.m.4 views

ruby: RCE vulnerability with .rdoc_options in RDoc

A flaw was found in Rubygem RDoc. When parsing .rdocoptions used for configuration in RDoc as a YAML file there are no restrictions on the classes that can be restored. This issue may lead to object injection, resulting in remote code execution...

4.5CVSS7.6AI score0.01571EPSS
Exploits0References5
Oracle linux
Oracle linux
added 2024/06/06 12:0 a.m.27 views

ruby:3.1 security, bug fix, and enhancement update

ruby 3.1.5-144 - Upgrade to Ruby 3.1.5. Resolves: RHEL-33978 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-34129 - Fix RCE vulnerability with .rdocoptions in RDoc. Resolves: RHEL-34121 - Fix arbitrary memory address read vulnerability with Regex search. Resolves: RHEL-33871...

9.8CVSS6.8AI score0.02364EPSS
Exploits0
Oracle linux
Oracle linux
added 2024/06/06 12:0 a.m.33 views

ruby:3.3 security, bug fix, and enhancement update

ruby 3.3.1-2 - Upgrade to Ruby 3.3.1. Resolves: RHEL-37697 - Fix buffer overread vulnerability in StringIO. CVE-2024-27280 Resolves: RHEL-37699 - Fix RCE vulnerability with .rdocoptions in RDoc. CVE-2024-27281 Resolves: RHEL-37696 - Fix Arbitrary memory address read vulnerability with Regex searc...

9.8CVSS6.5AI score0.02364EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/06/06 12:0 a.m.132 views

Ruby < 3.0.7 / 3.1.x < 3.1.5 / 3.2.x < 3.2.4 / 3.3.x < 3.3.1 RCE

The version of Ruby installed on the remote host is prior to 3.0.7, 3.1.5, 3.2.4, or 3.3.1. It is, therefore, affected by a vulnerability as referenced in the rce-rdoc-cve-2024-27281 advisory. - An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When...

4.5CVSS7.7AI score0.01571EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/06/03 6:41 p.m.5 views

ruby: RCE vulnerability with .rdoc_options in RDoc

A flaw was found in Rubygem RDoc. When parsing .rdocoptions used for configuration in RDoc as a YAML file there are no restrictions on the classes that can be restored. This issue may lead to object injection, resulting in remote code execution...

4.5CVSS7.6AI score0.01571EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/05/30 1:22 p.m.2 views

ruby: RCE vulnerability with .rdoc_options in RDoc

A flaw was found in Rubygem RDoc. When parsing .rdocoptions used for configuration in RDoc as a YAML file there are no restrictions on the classes that can be restored. This issue may lead to object injection, resulting in remote code execution...

4.5CVSS7.6AI score0.01571EPSS
Exploits0References5
NVD
NVD
added 2024/05/14 3:11 p.m.22 views

CVE-2024-27281

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be...

4.5CVSS6.6AI score0.01571EPSS
Exploits0References5
OSV
OSV
added 2024/05/14 3:11 p.m.29 views

CVE-2024-27281

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be...

4.5CVSS7.5AI score0.01571EPSS
Exploits0References2
OSV
OSV
added 2024/05/14 3:11 p.m.6 views

ALPINE-CVE-2024-27281

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be...

4.5CVSS8.4AI score0.01571EPSS
Exploits0References1
OSV
OSV
added 2024/05/14 3:11 p.m.10 views

AZL-40675 CVE-2024-27281 affecting package ruby for versions less than 3.1.4-4

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be...

4.5CVSS7.3AI score0.01571EPSS
Exploits0References1
OSV
OSV
added 2024/05/14 3:11 p.m.2 views

DEBIAN-CVE-2024-27281

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be...

4.5CVSS7.3AI score0.01571EPSS
Exploits0References1
OSV
OSV
added 2024/05/14 3:11 p.m.8 views

AZL-40523 CVE-2024-27281 affecting package ruby for versions less than 3.3.3-1

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be...

4.5CVSS7.3AI score0.01571EPSS
Exploits0References1
Rows per page
Query Builder