Incorrect Default Permissions

kaminari is vulnerable to Incorrect Default Permissions. The vulnerability is due to improperly set file permissions that allow unauthorized write access to specific Ruby files managed by the library...

Kaminari 安全漏洞

Kaminari is a range-based pager. A security vulnerability exists in Kaminari versions prior to 0.16.2, which stems from an insecure file permission setting that could lead to unauthorized write access to specific Ruby files...

Incorrect Default Permissions

Overview rotp is a package that works for both HOTP and TOTP, and includes QR Code provisioning Affected versions of this package are vulnerable to Incorrect Default Permissions due to overly permissive default permissions. An attacker can modify the .rb files to inject malicious code or alter th...

PT-2024-1854 · Rack-Cors · Rack-Cors

Name of the Vulnerable Software and Affected Versions: rack-cors aka Rack CORS Middleware version 2.0.1 Description: The issue is related to incorrectly used standard permissions in the Rack CORS Middleware, which may allow an attacker to impact the integrity, confidentiality, and availability of...

Command injection

An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called throug...

Elasticsearch Logstash allows remote attackers to execute arbitrary commands

Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in 1 zabbix.rb or 2 nagiosnsca.rb in outputs/...

Insecure File Permission

rubyparser-legacy has insecure file permission configured on its Ruby files. World-writable Ruby files would allow a local user to insert malicious Ruby code into several Ruby files, which would be executed when the library is used...

Puppet 2.7.x / 3.2.x < 2.7.23 / 3.2.4 and Enterprise 2.8.x / 3.0.x < 2.8.3 / 3.0.1 Multiple Vulnerabilities

According to its self-reported version number, the Puppet install on the remote host has multiple vulnerabilities: - By using the 'resourcetype' service, an attacker could cause Puppet to load arbitrary Ruby files from the Puppet Master node's file system. While this behavior is not enabled by...

Moderate: Red Hat Security Advisory: puppet security update

Updated puppet packages that fix several security issues are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

Updated puppet and puppet3 package fix security vulnerabilities

It was discovered that Puppet incorrectly handled the resourcetype service. A local attacker on the master could use this issue to execute arbitrary Ruby files CVE-2013-4761. It was discovered that Puppet incorrectly handled permissions on the modules it installed. Modules could be installed with...

Ubuntu 12.04 LTS / 12.10 / 13.04 : puppet vulnerabilities (USN-1928-1)

It was discovered that Puppet incorrectly handled the resourcetype service. A local attacker on the master could use this issue to execute arbitrary Ruby files. CVE-2013-4761 It was discovered that Puppet incorrectly handled permissions on the modules it installed. Modules could be installed with...

USN-1928-1: Puppet vulnerabilities

It was discovered that Puppet incorrectly handled the resourcetype service. A local attacker on the primary server could use this issue to execute arbitrary Ruby files. CVE-2013-4761 It was discovered that Puppet incorrectly handled permissions on the modules it installed. Modules could be...

puppet -- multiple vulnerabilities

Puppet Labs reports: By using the resourcetype service, an attacker could cause puppet to load arbitrary Ruby files from the puppet master node's file system. While this behavior is not enabled by default, auth.conf settings could be modified to allow it. The exploit requires local file system...

CVE-2007-2666

Stack-based buffer overflow in LexRuby.cxx SciLexer.dll in Scintilla 1.73, as used by notepad++ 4.1.1 and earlier, allows user-assisted remote attackers to execute arbitrary code via certain Ruby .rb files with long lines. NOTE: this was originally reported as a vulnerability in notepad++...