
32 matches found

OpenVAS
added 2023/03/08 12:0 a.m., 23 views

Debian: Security Advisory (DLA-299-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5, AI score 7.7, EPSS 0.56223
Exploits 0, References 2
F5 Networks
added 2023/02/21 6:29 p.m., 47 views

K15683: Ruby vulnerability CVE-2013-4073

Security Advisory Description: The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509...

CVSS 6.8, AI score 7, EPSS 0.03664
Exploits 0, Affected Software 16
SUSE CVE
added 2023/02/15 6:5 a.m., 1 view

SUSE CVE-2009-0642

ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate...

CVSS 6.8, AI score 7.1, EPSS 0.00974
Exploits 1, References 4
Cvelist
added 2019/11/18 5:8 p.m., 15 views

CVE-2011-5331

Distributed Ruby (aka DRuby) 1.8 mishandles instance_eval...

AI score 9.6, EPSS 0.05028
Exploits 1, References 1
Debian
added 2017/09/26 9:16 p.m., 35 views

[SECURITY] [DLA 1113-1] ruby1.8 security update

Package : ruby1.8 Version : 1.8.7.358-7.1+deb7u4 CVE ID : CVE-2017-0898 CVE-2017-10784 Debian Bug : 875931 875936 Some vulnerabilities were found in the Ruby 1.8 package that affects the LTS distribution. CVE-2017-0898 Buffer underrun vulnerability in Kernel.sprintf CVE-2017-10784 Escape sequence...

CVSS 9.3, AI score 9.2, EPSS 0.02067
Exploits 1
UbuntuCve
added 2017/03/29 12:0 a.m., 32 views

CVE-2009-5147

DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names...

CVSS 7.5, AI score 6.8, EPSS 0.56223
Exploits 0, References 3
OSV
added 2015/08/26 12:0 a.m., 28 views

DLA-299-1 ruby1.8 - security update

Bulletin has no description...

CVSS 7.5, AI score 7.4, EPSS 0.56223
Exploits 0
OSV
added 2013/12/04 12:0 a.m., 36 views

DSA-2809-1 ruby1.8 - several

Bulletin has no description...

CVSS 6.8, AI score 5.6, EPSS 0.25732
Exploits 3
Cvelist
added 2013/11/23 7:0 p.m., 26 views

CVE-2013-4164

Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to...

AI score 5.8, EPSS 0.11958
Exploits 3, References 22
UbuntuCve
added 2013/06/28 12:0 a.m., 38 views

CVE-2013-4073

The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows...

CVSS 6.8, AI score 7.2, EPSS 0.03664
Exploits 0, References 3
seebug.org
added 2013/02/03 12:0 a.m., 64 views

Ruby on Rails JSON Processor YAML Deserialization Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

CVSS 7.5, EPSS 0.91907
Exploits 22
CERT
added 2013/01/28 12:0 a.m., 147 views

Ruby on Rails 3.0 and 2.3 JSON Parser vulnerability

Overview: The Ruby on Rails 3.0 and 2.3 JSON parser contain a vulnerability that may result in arbitrary code execution. Description: The Ruby on Rails advisory states: There is a vulnerability in the JSON code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitra...

CVSS 7.5, AI score 7.8, EPSS 0.91761
Exploits 7, References 2
0day.today
added 2013/01/11 12:0 a.m., 79 views

Ruby On Rails XML Processor YAML Deserialization Code Execution

This Metasploit module exploits a remote code execution vulnerability in the XML request processor of the Ruby on Rails application framework. This vulnerability allows an attacker to instantiate a remote object, which in turn can be used to execute any ruby code remotely in the context of the...

CVSS 7.5, AI score 0.3, EPSS 0.91907
Exploits 21
securityvulns
added 2012/10/15 12:0 a.m., 82 views

[USN-1603-1] Ruby vulnerabilities

Ubuntu Security Notice USN-1603-1 October 10, 2012 ruby1.8 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 5, AI score 0.6, EPSS 0.02189
Exploits 1
Cvelist
added 2011/03/02 7:0 p.m., 23 views

CVE-2011-1005

The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname...

AI score 6.5, EPSS 0.02121
Exploits 2, References 18
OpenVAS
added 2009/08/17 12:0 a.m., 19 views

Mandrake Security Advisory MDVSA-2009:193 (ruby)

The remote host is missing an update to ruby announced via advisory MDVSA-2009:193. OpenVAS Vulnerability Test $Id: mdksa2009193.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:193 ruby Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft Inc...

CVSS 6.8, AI score 0.6, EPSS 0.00974
Exploits 1
Prion
added 2008/08/13 1:41 a.m., 23 views

Design/Logic Flaw

Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of...

CVSS 7.8, AI score 6.1, EPSS 0.7933
Exploits 3, References 30, Affected Software 1
RedHat Linux
added 2008/07/14 1:38 p.m., 1 view

ruby: Integer overflows in rb_ary_store()

Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than...

CVSS 10, AI score 7.4, EPSS 0.1019
Exploits 1, References 4
NVD
added 2008/06/24 7:41 p.m., 16 views

CVE-2008-2664

The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662,...

CVSS 7.8, AI score 6.7, EPSS 0.05116
Exploits 1, References 40
CVE
added 2008/06/24 7:0 p.m., 85 views

CVE-2008-2726

CVE-2008-2726 is described in connected docs as an integer overflow in rb_ary_splice on Ruby 1.8.4 and earlier (and related 1.8.x lines) that allows context-dependent memory corruption. MiracleLinux AXSA-2008-86:01 explicitly includes CVE-2008-2726 among ruby issues and references the Real Alloc_...

CVSS 7.8, AI score 6.7, EPSS 0.02611
Exploits 1, References 43, Affected Software 1