2157 matches found
Amazon Linux: Security Advisory (ALAS-2012-79)
The remote host is missing an update for the...
CVE-2015-4020
RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original...
Design/Logic Flaw
RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original...
CVE-2015-4020
CVE-2015-4020 affects RubyGems 2.0.x < 2.0.17, 2.2.x < 2.2.5, and 2.4.x
Fedora 21 : rubygems-2.2.5-100.fc21 (2015-13157)
Update to RubyGems 2.2.5. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Fedora Update for rubygems FEDORA-2015-13157
The remote host is missing an update for the...
[SECURITY] Fedora 21 Update: rubygems-2.2.5-100.fc21
RubyGems is the Ruby standard for publishing and managing third party libraries...
[SECURITY] Fedora 22 Update: rubygems-2.4.8-100.fc22
RubyGems is the Ruby standard for publishing and managing third party libraries...
Fedora 23 : rubygems-2.4.8-100.fc23 (2015-12501)
Update to RubyGems 2.4.8. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Fedora 22 : rubygems-2.4.8-100.fc22 (2015-12574)
Update to RubyGems 2.4.8. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Fedora Update for rubygems FEDORA-2015-12574
The remote host is missing an update for the...
[SECURITY] Fedora 23 Update: rubygems-2.4.8-100.fc23
RubyGems is the Ruby standard for publishing and managing third party libraries...
Puppet Enterprise 3.7.x < 3.8.1 / 3.8.x < 3.8.1 Multiple Vulnerabilities
According to its self-reported version number, the Puppet Enterprise application running on the remote host is version 3.7.x or 3.8.x prior to 3.8.1. It is, therefore, affected by the following vulnerabilities: - A flaw exists in RubyGems due to a failure to validate hostnames when fetching gems...
RubyGems ruby-saml 'xml_security.rb' command injection vulnerability
RubyGems ruby-saml is a set of SAML (Security Assertion Markup Language) development toolkits for the Ruby on Rails framework organized by RubyGems. A command injection vulnerability exists in RubyGems ruby-saml. A remote attacker could use this vulnerability to execute arbitrary shell commands in...
RubyGems ruby-saml XML External Entity Injection Vulnerability
RubyGems ruby-saml is a set of SAML (Security Assertion Markup Language) development toolkits for the Ruby on Rails framework organized by RubyGems. An XML external entity injection vulnerability exists in RubyGems ruby-saml. An attacker could exploit this vulnerability to cause a denial of service...
RubyGems Security Bypass Vulnerability
RubyGems is a Ruby package manager from the RubyGems organization, which is used to distribute and manage Ruby packages. A security bypass vulnerability exists in RubyGems. An attacker can exploit this vulnerability to bypass security restrictions and perform unauthorized operations...
CVE-2015-3900
RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."...