14179 matches found
Astra Linux - уязвимость в needrestart
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable...
SUSE CVE-2024-48992
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable...
The vulnerability of the needrestart utility, related to the uncontrolled element in the search process, allows a hacker to execute arbitrary code in the context of the root user.
The vulnerability of the needrestart utility is related to an uncontrolled element in the search process. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the root user, when processing the RUBYLIB variable...
USN-7091-2: Ruby vulnerabilities
USN-7091-1 fixed several vulnerabilities in Ruby. This update provides the corresponding update for CVE-2024-35176, CVE-2024-41123, CVE-2024-41946 and CVE-2024-49761 for ruby2.7 in Ubuntu 20.04 LTS. Original advisory details: It was discovered that Ruby incorrectly handled parsing of an XML...
USN-7091-2 ruby2.7 vulnerabilities
USN-7091-1 fixed several vulnerabilities in Ruby. This update provides the corresponding update for CVE-2024-35176, CVE-2024-41123, CVE-2024-41946 and CVE-2024-49761 for ruby2.7 in Ubuntu 20.04 LTS. Original advisory details: It was discovered that Ruby incorrectly handled parsing of an XML...
Ubuntu: Security Advisory (USN-7091-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 20.04 LTS : Ruby vulnerabilities (USN-7091-2)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7091-2 advisory. USN-7091-1 fixed several vulnerabilities in Ruby. This update provides the corresponding update for ruby2.7 in Ubuntu 20.04 LTS. Tenable has extracted th...
CVE-2024-48992
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable...
DEBIAN-CVE-2024-48992
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable...
CVE-2024-48992
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable...
USN-7117-1 Several security issues were fixed in needrestart and Module::ScanDeps
Qualys discovered that needrestart passed unsanitized data to a library libmodule-scandeps-perl which expects safe input. A local attacker could possibly use this issue to execute arbitrary code as root. CVE-2024-11003 Qualys discovered that the library libmodule-scandeps-perl incorrectly parsed...
CVE-2024-48992
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable...
CVE-2024-48992
CVE-2024-48992 affects needrestart before 3.8. An attacker could trigger arbitrary root commands by supplying an attacker-controlled RUBYLIB and tricking the Ruby interpreter, per the initial description. The TencentOS Server 4 advisory also notes that needrestart passes unsanitized data to Modul...
CVE-2024-48992
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable...
UBUNTU-CVE-2024-48992
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable...
needrestart 权限许可和访问控制问题漏洞
needrestart is a tool by liske personal developer for checking which daemons need to be restarted after an upgrade. A security vulnerability exists in versions prior to needrestart 3.8, which stems from a vulnerability that allows a local attacker to run the Ruby interpreter by tricking needresta...
The vulnerability of the XML tools for Ruby REXML arises from the use of a regular expression c, which has an inefficient computational cost. This allows attackers to perform a type of “denial-of-service” attack.
The vulnerability of the XML tools for Ruby REXML relates to the use of a regular expression with high computational complexity. Exploiting this vulnerability allows an attacker to perform a type of “denial-of-service” attack remotely...
CVE-2024-51743
MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability in the update/upload/create file methods in Controllers allows authenticated instructors to write arbitrary files to any location on the web server...
CVE-2024-51499
MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability accessible via the updatefiles method of the SubmissionsController allows authenticated users e.g. students to write arbitrary files to any location...
CVE-2024-51499 MarkUs Arbitrary File Write leading up to remote code execution (student accounts)
MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability accessible via the updatefiles method of the SubmissionsController allows authenticated users e.g. students to write arbitrary files to any location...