14179 matches found
CVE-2024-51499 MarkUs Arbitrary File Write leading up to remote code execution (student accounts)
MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability reachable through the `update_files` method of the SubmissionsController allows authenticated users (e.g. students) to write arbitrary files to any location...
CVE-2024-51499
CVE-2024-51499 (MarkUs) : The affected software is the MarkUs web application (Ruby on Rails), versions before 2.4.8. The root cause is an arbitrary file write vulnerability exposed through the SubmissionsController.update_files method, allowing authenticated users (e.g., students) to write files to arbitrary server path...
MarkUs code issue vulnerability
MarkUs is a Ruby on Rails and React web application from the MarkUs open source project for submitting and grading student assignments. A code issue vulnerability exists in MarkUs versions prior to v2.4.8: an arbitrary file write that allows an authenticated use...
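As an added illustration of the bug class in the three MarkUs entries above (an upload handler that turns a client-supplied file name into a server path), here is the unsafe pattern beside a confined version. This is example code written for this page, not MarkUs code and not the actual MarkUs fix, which the page does not show; `unsafe_target`, `resolve_within`, `write_submission_file` and `PathOutsideRootError` are hypothetical names, and the storage root is assumed to already exist.

```ruby
require 'fileutils'
require 'tmpdir'

# Added example, not MarkUs code. It models the bug class in CVE-2024-51499
# (a submission handler that builds a server path from a client-supplied
# relative file name) and one way to confine such writes to a storage root.

class PathOutsideRootError < StandardError; end

# The unsafe pattern: the relative path from the request is joined onto the
# storage root with no check, so "../../..", an absolute path or a symlink
# lets the caller pick any location the server process can write to.
def unsafe_target(root, relative_path)
  File.join(root, relative_path)
end

# Resolve `relative_path` under `root` and refuse anything that escapes it.
# `root` is assumed to exist (the tmpdir in the demo below stands in for it).
def resolve_within(root, relative_path)
  raise ArgumentError, "path contains a NUL byte" if relative_path.include?("\0")

  abs_root = File.absolute_path(root)
  # File.absolute_path (unlike File.expand_path) leaves a leading "~" alone,
  # so "~user/..." cannot turn into a home directory. An absolute
  # relative_path replaces the base and is caught by the prefix check below.
  candidate = File.absolute_path(relative_path, abs_root)
  unless candidate == abs_root || candidate.start_with?(abs_root + File::SEPARATOR)
    raise PathOutsideRootError, "#{relative_path.inspect} resolves outside #{abs_root}"
  end

  # Lexical confinement is not enough if a symlink already lives under root:
  # never write through a symlink at the target itself, and require the
  # nearest existing ancestor to resolve (via realpath) under the real root.
  raise PathOutsideRootError, "refusing to write through symlink #{candidate}" if File.symlink?(candidate)
  ancestor = candidate
  ancestor = File.dirname(ancestor) until File.exist?(ancestor)
  real_root = File.realpath(abs_root)
  real_ancestor = File.realpath(ancestor)
  unless real_ancestor == real_root || real_ancestor.start_with?(real_root + File::SEPARATOR)
    raise PathOutsideRootError, "#{relative_path.inspect} resolves through a symlink outside #{real_root}"
  end
  candidate
end

# Write the uploaded content at the confined location and return the path.
def write_submission_file(root, relative_path, content)
  target = resolve_within(root, relative_path)
  FileUtils.mkdir_p(File.dirname(target), mode: 0o755)
  nofollow = File.const_defined?(:NOFOLLOW) ? File::NOFOLLOW : 0
  File.open(target, File::WRONLY | File::CREAT | File::TRUNC | nofollow, 0o644) do |f|
    f.write(content)
  end
  target
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir("submissions") do |root|
    puts write_submission_file(root, "a1/main.rb", "puts 'hello'\n")
    ["../../etc/cron.d/backdoor", "/etc/passwd"].each do |bad|
      puts "unsafe_target would write to: #{File.absolute_path(unsafe_target(root, bad))}"
      begin
        write_submission_file(root, bad, "x")
      rescue PathOutsideRootError => e
        puts "rejected: #{e.message}"
      end
    end
  end
end
```

The prefix check alone is the part most fixes stop at; the symlink step matters because a student who can create one file under the root (a symlink in an earlier upload, for instance) can otherwise redirect a later write outside it, which is why the open also passes `File::NOFOLLOW` where the platform defines it.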
PT-2024-8540 · Unknown +3 · Needrestart +3
Name of the Vulnerable Software and Affected Versions: needrestart versions prior to 3.8 Description: The issue is related to an uncontrolled search path element in the needrestart utility. Exploitation of this issue may allow an attacker to execute arbitrary code in the context of the root user ...
OESA-2024-2411 rubygem-actionpack security update
Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. Security Fixes: Action Pack is a framework for handling and responding to web requests...
OESA-2024-2383 rubygem-actionmailer security update
Email on Rails. Compose, deliver, and test emails using the familiar controller/view pattern. First-class support for multipart email and attachments. Security Fixes: Action Mailer is a framework for designing email service layers. Starting in version 3.0.0 and prior to versions 6.1.7.9, 7.0.8.5,...
Fedora 37 : ruby (2022-f0f6c6bec2)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-f0f6c6bec2 advisory. Upgrade to Ruby 3.1.3. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
A vulnerability in the `block_format` function of the Action Text component of Ruby on Rails allows an attacker to cause a denial of service.
The vulnerability in the `block_format` function of the Action Text component of Ruby on Rails is related to the use of a regular expression with high computational complexity. Exploiting it could allow a remote attacker to cause a denial of service...
A vulnerability in the `plain_text_for_blockquote_node` function of the Action Text component of Ruby on Rails allows an attacker to cause a denial of service.
The vulnerability in the `plain_text_for_blockquote_node` function of the Action Text component of Ruby on Rails is related to the use of a regular expression with high computational complexity. Exploiting it could allow a remote attacker to cause a denial of service...
A vulnerability in the Action Controller component of Action Pack (Ruby on Rails) allows an attacker to cause a denial of service.
The vulnerability in the Action Controller component of Action Pack (Ruby on Rails) is related to the use of a regular expression with high computational complexity. Exploiting it could allow a remote attacker to cause a denial of service...
A vulnerability in the Action Dispatch component of Action Pack (Ruby on Rails) allows an attacker to cause a denial of service.
The vulnerability in the Action Dispatch component of Action Pack (Ruby on Rails) is related to allocation of resources without limits. Exploiting it could allow a remote attacker to cause a denial of service...
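The Action Text and Action Controller entries above all describe the same mechanism: a regular expression whose matching cost grows super-linearly on crafted input. The example below is added here and is not Rails code; the page does not show the actual Action Text or Action Pack patterns, so it uses a stand-in nested-quantifier regex, its unambiguous rewrite, and a length cap. `WORD_LIST_AMBIGUOUS`, `WORD_LIST_LINEAR`, `MAX_LEN`, `word_list?`, `pathological_input`, `time_match` and `backtracking_growth` are names chosen for this example.

```ruby
# Added example, not Rails or Action Text code. The pattern below is a stand-in
# for the high-complexity regexes the Action Text and Action Pack advisories
# describe, chosen so the failure mode is easy to see.

# Ambiguous: "\w+" inside a group repeated by "*" with an optional separator.
# On "aaaa...a!" the engine can split the run of letters between the inner
# "\w+" and the outer "*" in roughly 2^n ways before it gives up.
WORD_LIST_AMBIGUOUS = /\A(\w+\s?)*\z/

# Unambiguous rewrite of the same language (single-whitespace-separated words,
# optional single trailing whitespace, empty string allowed). The separator is
# now mandatory inside the repeated group, and "\s" and "\w" are disjoint, so
# each character has exactly one place it can match and a mismatch is found
# in O(n).
WORD_LIST_LINEAR = /\A(?:\w+(?:\s\w+)*\s?)?\z/

# Defense in depth: cap the input before any regex sees it (hypothetical value).
MAX_LEN = 10_000

def word_list?(str, re: WORD_LIST_LINEAR)
  return false if str.length > MAX_LEN
  re.match?(str)
end

# Worst-case input for the ambiguous pattern: a run of letters that fails at
# the very end, so every way of splitting the run is tried.
def pathological_input(n)
  ("a" * n) + "!"
end

# Wall-clock seconds for one match attempt.
def time_match(re, str)
  t0 = Process.clock_gettime(Process::CLOCK_MONOTONIC)
  re.match?(str)
  Process.clock_gettime(Process::CLOCK_MONOTONIC) - t0
end

# Time both patterns over growing n; returns { n => [ambiguous_s, linear_s] }.
# n is kept small because the ambiguous pattern roughly doubles its work per
# extra character on Ruby versions without regex memoization.
def backtracking_growth(ns = [8, 12, 16, 18])
  ns.each_with_object({}) do |n, acc|
    s = pathological_input(n)
    acc[n] = [time_match(WORD_LIST_AMBIGUOUS, s), time_match(WORD_LIST_LINEAR, s)]
  end
end

if __FILE__ == $PROGRAM_NAME
  backtracking_growth.each do |n, (slow, fast)|
    printf("n=%2d  ambiguous=%.4fs  linear=%.6fs\n", n, slow, fast)
  end
end
```

On MRI before 3.2 the ambiguous column grows roughly twofold per added character while the linear column stays flat. Ruby 3.2 and later add regex memoization that makes many (not all) such patterns linear, and a `Regexp.timeout` setting; both are mitigations rather than a reason to keep an ambiguous pattern, and the length cap still bounds the cost of constructs memoization does not cover.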
Fedora 38 : pcs (2022-23f40e879d)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-23f40e879d advisory. Automatic update for pcs-0.11.3-4.fc38. Changelog Wed Sep 7 2022 Miroslav Lisik - 0.11.3-4 - Fixed ruby socket permissions - Resolves: rhbz2123389 Tenable ha...
Fedora 41 : ruby (2024-cfcd6258fa)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-cfcd6258fa advisory. Upgrade to Ruby 3.3.5. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
ROS-20241112-06
The vulnerability in the REXML XML toolkit for Ruby is related to inefficient regular expression complexity. Exploiting it could allow a remote attacker to perform a regular-expression denial of service (ReDoS) attack...
CBL Mariner 2.0 Security Update: ruby / rubygem-rexml (CVE-2024-49761)
The version of ruby / rubygem-rexml installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49761 advisory. - REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it...
CVE-2024-49761
...
CVE-2024-49761 affecting package ruby for versions less than 3.1.4-8
CVE-2024-49761 affecting package ruby for versions less than 3.1.4-8. A patched version of the package is available...
[SECURITY] [DLA 3949-1] ruby-saml security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3949-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA November 11, 2024 https://wiki.debian.org/LTS -...
Debian dla-3949 : ruby-saml - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-3949 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3949-1 [email protected] https://www.debian.org/lts/security/...
Debian: Security Advisory (DLA-3949-1)
The remote host is missing an update for Debian. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...