Fedora: Security Advisory for rubygem-yard (FEDORA-2021-7b8b65bc7a)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Bitcoin Stealers Hide in 700+ Ruby Developer Libraries

About 760 malicious libraries, bent on stealing Bitcoin, have been identified so far in the open-source Ruby programming language code base. According to Tomislav Maljic, threat analyst at ReversingLabs, cybercriminals have been using simple typosquatting to carry out their plan – which is the...

metasploit-framework

This is the Metasploit Framework repository, a widely used penetration testing tool. It is an offensive tool for penetration testing and vulnerability assessment. The primary target of this tool is the Metasploit Framework itself, which is a Ruby-based framework for developing and executing...

Ruby Information Disclosure Vulnerability

Ruby is a cross-platform, object-oriented, dynamically typed programming language from the software developer Gyohiro Matsumoto. A security vulnerability exists in Ruby. An attacker can exploit this vulnerability by hijacking a session through a timing attack on the session ID...

ALPINE-CVE-2019-16254

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients...

Important: Red Hat Security Advisory: rh-ruby24-ruby security, bug fix, and enhancement update

An update for rh-ruby24-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

UBUNTU-CVE-2017-17790

The lazyinitialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernelopen, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input ma...

DoS Vulnerability associated with URI.decode_www_form_component method

The URI.decodewwwformcomponent method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service catastrophic regular expression backtracking, resource consumption, or application crash via a crafted string...

JVN#50197114: smalruby-editor vulnerable to OS command injection

smalruby-editor provided by Ruby Programming Shounendan is web-based editor to create Ruby programs. smalruby-editor containts an OS command injection vulnerability CWE-78. Impact A remote attacker may execute arbitrary OS command on the server where smalruby-editor resides. Solution Update the...

shopify-scripts: Heap overflow due to off-by-one when expanding stack

This program triggers a heap buffer overflow while zeroing a new stack allocation due to an off-by-one while expanding the stack. It doesn't appear to be exploitable and the fix is extremely simple so I didn't try to simplify the failing test case too much: ruby class A yield ensure...

Ruby-Nmap - A Rubyful interface to the Nmap exploration tool and security / port scanner

A Ruby interface to nmap , the exploration tool and security / port scanner. Features Provides a Ruby interface for running nmap. Provides a Parser for enumerating nmap XML scan files. Examples Run Nmap from Ruby: require 'nmap/program' Nmap::Program.scan do |nmap| nmap.synscan = true...

Ruby security vulnerabilities

DoS, restrictions bypass...

Fedora Update for ruby FEDORA-2013-22423

Check for the Version of ruby OpenVAS Vulnerability Test Fedora Update for ruby FEDORA-2013-22423 Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

Moderate: Red Hat Security Advisory: ruby193-ruby security update

Updated ruby193-ruby packages that fix one security issue are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Moderate: Red Hat Security Advisory: ruby193-ruby security update

Updated ruby193-ruby packages that fix one security issue are now available for Red Hat Software Collections 1. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...

Ruby Programming Language 1.7 File Upload

TITLE: Unauthenticated Remote File Upload via HTTP for ruby-Programming language 1.7 on iOS Date: 8/1/2013 Author: Larry W. Cashdollar, @larry0 Download: https://itunes.apple.com/us/app/ruby-programming-language/id581732143?mt=8&ls=1 http://www.tayutec.com/indexen.html Description: "This is an io...

Moderate: Red Hat Security Advisory: ruby193-ruby, rubygem-json and rubygem-rdoc security update

Updated ruby193-ruby, rubygem-json and rubygem-rdoc packages that fix two security issues are now available for Red Hat OpenShift Enterprise 1.1.3. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores,...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting XSS attacks via a...

DSA-2609-1 rails - SQL query manipulation

Bulletin has no description...

Fedora Update for xchat-ruby FEDORA-2012-1334

Check for the Version of xchat-ruby OpenVAS Vulnerability Test Fedora Update for xchat-ruby FEDORA-2012-1334 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...