
17 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 2 views

Astra Linux - vulnerability in ruby-kramdown

Before version 2.3.1, Kramdown did not restrict Rouge formatters to the Rouge::Formatters namespace, allowing arbitrary classes to be instantiated...

CVSS 9.8 | AI score 7.4 | EPSS 0.0259
Exploits 1 | References 1

OpenVAS
added 2023/10/11 12:0 a.m. | 13 views

Ubuntu: Security Advisory (USN-6424-1)

The remote host is missing an update for the...

CVSS 9.8 | AI score 9.6 | EPSS 0.0259
Exploits 1 | References 2

OSV
added 2023/10/10 4:39 a.m. | 3 views

USN-6424-1 ruby-kramdown vulnerability

It was discovered that kramdown did not restrict Rouge formatters to the correct namespace. An attacker could use this issue to cause kramdown to execute arbitrary code...

CVSS 9.8 | AI score 5.9 | EPSS 0.0259
Exploits 1 | References 2

Ubuntu
added 2023/10/10 4:39 a.m. | 45 views

USN-6424-1: kramdown vulnerability

It was discovered that kramdown did not restrict Rouge formatters to the correct namespace. An attacker could use this issue to cause kramdown to execute arbitrary code...

CVSS 9.8 | AI score 8.4 | EPSS 0.0259
Exploits 1

Tenable Nessus
added 2021/04/14 12:0 a.m. | 19 views

Debian DSA-4890-1 : ruby-kramdown - security update

Stan Hu discovered that kramdown, a pure Ruby Markdown parser and converter, performed insufficient namespace validation of Rouge syntax highlighting formatters. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory...

CVSS 9.8 | AI score 8.3 | EPSS 0.0259
Exploits 1 | References 5

OpenVAS
added 2021/04/13 12:0 a.m. | 13 views

Debian: Security Advisory (DSA-4890-1)

The remote host is missing an update for the Debian...

CVSS 9.8 | AI score 9.6 | EPSS 0.0259
Exploits 1 | References 4

Tenable Nessus
added 2020/10/27 12:0 a.m. | 22 views

Ubuntu 20.10 : kramdown vulnerability (USN-4562-2)

The remote Ubuntu 20.10 host has packages installed that are affected by a vulnerability as referenced in the USN-4562-2 advisory. kramdown could be made to crash, run programs, or leak sensitive information if it opened a specially crafted file. Tenable has extracted the preceding description...

CVSS 9.8 | AI score 8.1 | EPSS 0.07509
Exploits 0 | References 2

OpenVAS
added 2020/10/27 12:0 a.m. | 14 views

Ubuntu: Security Advisory (USN-4562-2)

The remote host is missing an update for the...

CVSS 9.8 | AI score 9.6 | EPSS 0.07509
Exploits 0 | References 2

OpenVAS
added 2020/10/01 12:0 a.m. | 10 views

Ubuntu: Security Advisory (USN-4562-1)

The remote host is missing an update for the...

CVSS 9.8 | AI score 9.6 | EPSS 0.07509
Exploits 0 | References 2

OSV
added 2020/09/30 9:41 p.m. | 1 view

USN-4562-1 ruby-kramdown vulnerability

It was discovered that kramdown insecurely handled certain crafted input. An attacker could use this vulnerability to read restricted files or execute arbitrary code...

CVSS 9.8 | AI score 7.4 | EPSS 0.07509
Exploits 0 | References 2

OpenVAS
added 2020/08/17 12:0 a.m. | 13 views

Debian: Security Advisory (DLA-2316-1)

The remote host is missing an update for the Debian...

CVSS 9.8 | AI score 9.6 | EPSS 0.07509
Exploits 0 | References 4

OpenVAS
added 2020/08/12 12:0 a.m. | 15 views

Debian: Security Advisory (DSA-4743-1)

The remote host is missing an update for the Debian...

CVSS 9.8 | AI score 9.6 | EPSS 0.07509
Exploits 0 | References 4

Tenable Nessus
added 2020/08/12 12:0 a.m. | 21 views

Debian DSA-4743-1 : ruby-kramdown - security update

A flaw was discovered in ruby-kramdown, a fast, pure ruby, Markdown parser and converter, which could result in unintended read access to files or unintended embedded Ruby code execution when the {::options /} extension is used together with the 'template' option. The update introduces a new option...

CVSS 9.8 | AI score 8.5 | EPSS 0.07509
Exploits 0 | References 5

Debian
added 2020/08/10 7:21 p.m. | 22 views

[SECURITY] [DSA 4743-1] ruby-kramdown security update

Debian Security Advisory DSA-4743-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 10, 2020 https://www.debian.org/security/faq...

CVSS 7.5 | AI score 2.6 | EPSS 0.07509
Exploits 0

Tenable Nessus
added 2020/08/10 12:0 a.m. | 25 views

Debian DLA-2316-1 : ruby-kramdown security update

ruby-kramdown processes the template option inside Kramdown documents by default, which allows unintended read access such as template='/etc/passwd' or unintended embedded Ruby code execution such as a string that begins with template='string://%= . NOTE: kramdown is used in Jekyll, GitLab Pages,...

CVSS 9.8 | AI score 8 | EPSS 0.07509
Exploits 0 | References 4

Debian
added 2020/08/09 2:59 a.m. | 39 views

[SECURITY] [DLA 2316-1] ruby-kramdown security update

Debian LTS Advisory DLA-2316-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA August 08, 2020 https://wiki.debian.org/LTS...

CVSS 9.8 | AI score 9.6 | EPSS 0.07509
Exploits 0

OSV
added 2020/08/08 12:0 a.m. | 15 views

DLA-2316-1 ruby-kramdown - security update

Bulletin has no description...

CVSS 9.8 | AI score 9.4 | EPSS 0.07509
Exploits 0