Lucene search
K

917 matches found

CNVD
CNVD
added 2015/02/26 12:0 a.m.3 views

RubyGems xaviershay-dm-rails 'storage.rb' MySQL Information Disclosure Vulnerability

RubyGems xaviershay-dm-rails is a Ruby application. A security vulnerability in RubyGems xaviershay-dm-rails 'storage.rb' allows remote attackers to exploit a vulnerability to obtain sensitive MySQL authentication credential information...

6.9AI score
Exploits0References1
securityvulns
securityvulns
added 2014/05/04 12:0 a.m.48 views

Different Ruby gems security vulnerabilities

Crossite scripting, code execution, information leakage...

7.5CVSS1.9AI score0.02231EPSS
Exploits6References6Affected Software6
RedHat Linux
RedHat Linux
added 2013/12/17 6:29 p.m.7 views

rubygems: version regex algorithmic complexity vulnerability

A denial of service vulnerability exists in the RubyGems versions 2.0.7 or older, such that when RubyGems validates versioning it performs a wrong regular expression causing resource consumption due to algorithmic complexity...

4.3CVSS7.4AI score0.03343EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2013/12/17 6:29 p.m.6 views

rubygems: Two security fixes in v1.8.23

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack...

5.8CVSS7.4AI score0.02477EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2013/11/25 12:0 a.m.31 views

FreeBSD : ruby-gems -- Algorithmic Complexity Vulnerability (54237182-9635-4a8b-92d7-33bfaeed84cd)

Ruby Gem developers report : RubyGems validates versions with a regular expression that is vulnerable to denial of service due to backtracking. For specially crafted RubyGems versions attackers can cause denial of service through CPU consumption. %NASLMINLEVEL 70300 C Tenable Network Security, In...

4.3CVSS8.1AI score0.03343EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2013/11/25 12:0 a.m.24 views

FreeBSD : ruby-gems -- Algorithmic Complexity Vulnerability (742eb9e4-e3cb-4f5a-b94e-0e9a39420600)

Ruby Gem developers report : The patch for CVE-2013-4363 was insufficiently verified so the combined regular expression for verifying gem version remains vulnerable following CVE-2013-4363. RubyGems validates versions with a regular expression that is vulnerable to denial of service due to...

4.3CVSS8.1AI score0.0169EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2013/11/14 5:28 p.m.10 views

rubygems: version regex algorithmic complexity vulnerability

A denial of service vulnerability exists in the RubyGems versions 2.0.7 or older, such that when RubyGems validates versioning it performs a wrong regular expression causing resource consumption due to algorithmic complexity...

4.3CVSS7.4AI score0.03343EPSS
Exploits0References5
OSV
OSV
added 2013/10/17 11:55 p.m.3 views

DEBIAN-CVE-2013-4363

Algorithmic complexity vulnerability in Gem::Version::ANCHOREDVERSIONPATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service CP...

4.3CVSS6.6AI score0.0169EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2013/10/17 5:15 p.m.4 views

rubygems: version regex algorithmic complexity vulnerability

A denial of service vulnerability exists in the RubyGems versions 2.0.7 or older, such that when RubyGems validates versioning it performs a wrong regular expression causing resource consumption due to algorithmic complexity...

4.3CVSS7.4AI score0.03343EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2013/10/17 5:15 p.m.5 views

rubygems: Two security fixes in v1.8.23

RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack...

4.3CVSS7.4AI score0.01374EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/10/17 5:15 p.m.5 views

rubygems: Two security fixes in v1.8.23

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack...

5.8CVSS7.4AI score0.02477EPSS
Exploits0References4
OSV
OSV
added 2013/10/01 5:55 p.m.2 views

DEBIAN-CVE-2012-2126

RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack...

4.3CVSS6.9AI score0.01374EPSS
Exploits0References1
OSV
OSV
added 2013/10/01 5:55 p.m.2 views

DEBIAN-CVE-2012-2125

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack...

5.8CVSS6.3AI score0.02477EPSS
Exploits0References1
securityvulns
securityvulns
added 2013/08/12 12:0 a.m.34 views

Security vulnerabilities in different Ruby Gems

VUlnerabilities in different libraries...

7.5CVSS2.2AI score0.02075EPSS
Exploits3References8Affected Software5
Kitploit
Kitploit
added 2013/04/29 11:22 p.m.29 views

[MSF-Installer] Script to Automate Metasploit Framework Installation

Script to help with installing and configuring Metasploit Framework, Armitage and the Plugins I have written on OSX and Linux To use the script on OSX Java, Xcode and Command Development Tools from Xcode must be installed before running the script. In the case of OSX I also added the option of...

7.2AI score
Exploits0References1
OSV
OSV
added 2012/04/20 12:0 a.m.3 views

UBUNTU-CVE-2012-2126

RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack...

4.3CVSS5.8AI score0.01374EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2007/01/24 12:0 a.m.7 views

PT-2007-1934

Name of the Vulnerable Software and Affected Versions RubyGems versions prior to 0.9.1 Description The issue concerns the extract files function in installer.rb, which does not check whether files exist before overwriting them. This allows user-assisted remote attackers to overwrite arbitrary...

9.3CVSS7.7AI score0.04826EPSS
Exploits0References12
Rows per page
Query Builder