41 matches found
EUVD-2017-0174
Malware in sbrugna...
EUVD-2019-0532
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-11027
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers...
SUSE CVE-2013-1812
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service CPU consumption via 1 a large XRDS document or 2 an XML Entity Expansion XEE attack...
SUSE CVE-2019-11027
Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...
Advisory ROSA-SA-2021-1966
Software: ruby 2.0.0.648 OS: Cobalt 7.9 CVE-ID: CVE-2012-6684 CVE-Crit: MEDIUM CVE-DESC: A cross-site scripting XSS vulnerability in the RedCloth 4.2.9 library for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI. CVE-STATUS: default CVE-REV:...
CVE-2019-11027
Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...
Debian: Security Advisory (DLA-1956-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 1956-1] ruby-openid security update
Package : ruby-openid Version : 2.5.0debian-1+deb8u1 CVE ID : CVE-2019-11027 ruby-openid performed discovery first, and then verification. This allowed an attacker to change the URL used for discovery and trick the server into connecting to the URL. This server in turn could be a private server n...
DLA-1956-1 ruby-openid - security update
Bulletin has no description...
Debian DLA-1956-1 : ruby-openid security update
ruby-openid performed discovery first, and then verification. This allowed an attacker to change the URL used for discovery and trick the server into connecting to the URL. This server in turn could be a private server not publicly accessible. Furthermore, if the client that uses this library...
GHSA-FQFJ-CMH6-HJ49 ruby-openid SSRF via claimed_id request
Ruby OpenID aka ruby-openid through 2.8.0 is vulnerable to SSRF. Ruby-openid performs discovery first, and then verification. This allows an attacker to change the URL used for discovery and trick the server into connecting to the URL, which might be a private server not publicly accessible...
ruby-openid SSRF via claimed_id request
Ruby OpenID aka ruby-openid through 2.8.0 is vulnerable to SSRF. Ruby-openid performs discovery first, and then verification. This allows an attacker to change the URL used for discovery and trick the server into connecting to the URL, which might be a private server not publicly accessible...
ruby-openid SSRF via claimed_id request
Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...
CVE-2019-11027
Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...
CVE-2019-11027
Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...
DEBIAN-CVE-2019-11027
Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...
Design/Logic Flaw
Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...
UBUNTU-CVE-2019-11027
Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...
CVE-2019-11027
Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...