11 matches found
EUVD-2017-0218
Malware in sbrugna...
Puppet `resource_type` Remote Code Execution Vulnerability
Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resourcetype service. NOTE: this vulnerability can only be exploited...
shopify-scripts: Invalid handling of zero-length heredoc identifiers leads to infinite loop in the sandbox
Introduction ============ Certain invalid Ruby programs which should normally raise a syntax error are able to cause an infinite loop in MRuby's parser which makes the mruby-engine sandbox and consequently the MRI process it is running in unresponsive to SIGTERM. The process begins looping foreve...
shopify-scripts: Segfault and/or potential unwanted (byte)code execution with "break" and "||=" inside a loop
Introduction ============ Certain invalid inputs invalid Ruby programs crash mruby and mrubyengine including the parent MRI VM. The programs always involve the ||= operator, loops and the break keyword. Proof of Concept ================ crash.rb -------- A ||= break while break 1. Save the above...
Amazon Linux: Security Advisory (ALAS-2013-219)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux AMI : puppet (ALAS-2013-219)
Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resourcetype service. NOTE: this vulnerability can only be exploited...
CVE-2013-4761
Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resourcetype service. NOTE: this vulnerability can only be exploited...
Code injection
Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resourcetype service. NOTE: this vulnerability can only be exploited...
CVE-2013-4761
Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resourcetype service. NOTE: this vulnerability can only be exploited...
CVE-2013-4761
The CVE-2013-4761 issue affects Puppet and Puppet Enterprise: remote attackers can execute arbitrary Ruby code from the master via the resource_type service, exploiting it only when local file system access to the Puppet Master is possible. Affected lines include Puppet 2.7.x before 2.7.23, 3.2.x...
CVE-2013-4761
Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resourcetype service. NOTE: this vulnerability can only be exploited...