22 matches found
EUVD-2022-3204
Malicious code in bioql PyPI...
GHSA-8MVW-22R7-W6FQ ruby_parser allows local users to overwrite arbitrary files via symlink attack on temporary file with predictable name
The diffpp function in lib/gauntletrubyparser.rb in the rubyparser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp...
ruby_parser allows local users to overwrite arbitrary files via symlink attack on temporary file with predictable name
The diffpp function in lib/gauntletrubyparser.rb in the rubyparser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp...
GHSA-HHWC-8G49-J8JX Ruby_parser-legacy Incorrect Permission Assignment for Critical Resource
The rubyparser-legacy aka legacy gem 1.0.0 for Ruby allows local privilege escalation because of world-writable files. For example, if the brakeman gem which has a legacy dependency 4.5.0 through 4.7.0 is used, a local user can insert malicious code into the...
Ruby_parser-legacy Incorrect Permission Assignment for Critical Resource
The rubyparser-legacy aka legacy gem 1.0.0 for Ruby allows local privilege escalation because of world-writable files. For example, if the brakeman gem which has a legacy dependency 4.5.0 through 4.7.0 is used, a local user can insert malicious code into the...
CVE-2019-18409
The rubyparser-legacy aka legacy gem 1.0.0 for Ruby allows local privilege escalation because of world-writable files. For example, if the brakeman gem which has a legacy dependency 4.5.0 through 4.7.0 is used, a local user can insert malicious code into the...
CVE-2019-18409
The rubyparser-legacy aka legacy gem 1.0.0 for Ruby allows local privilege escalation because of world-writable files. For example, if the brakeman gem which has a legacy dependency 4.5.0 through 4.7.0 is used, a local user can insert malicious code into the...
Design/Logic Flaw
The rubyparser-legacy aka legacy gem 1.0.0 for Ruby allows local privilege escalation because of world-writable files. For example, if the brakeman gem which has a legacy dependency 4.5.0 through 4.7.0 is used, a local user can insert malicious code into the...
CVE-2019-18409
The CVE-2019-18409 entry concerns the ruby_parser-legacy gem (version 1.0.0) for Ruby, where local privilege escalation is possible due to world-writable files. The Red Hat and other sources reiterate that, for example, if the brakeman gem (with legacy dependency) versions 4.5.0–4.7.0 are used, a...
CVE-2019-18409
The rubyparser-legacy aka legacy gem 1.0.0 for Ruby allows local privilege escalation because of world-writable files. For example, if the brakeman gem which has a legacy dependency 4.5.0 through 4.7.0 is used, a local user can insert malicious code into the...
ruby_parser-legacy world writable files allow local privilege escalation
The rubyparser-legacy aka legacy gem 1.0.0 for Ruby allows local privilege escalation because of world-writable files. For example, if the brakeman gem which has a legacy dependency 4.5.0 through 4.7.0 is used, a local user can insert malicious code into the...
RHEL 6 : Subscription Asset Manager (RHSA-2013:0544)
Red Hat Subscription Asset Manager 1.2, which fixes several security issues, multiple bugs, and adds various enhancements, is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which gi...
Code injection
The diffpp function in lib/gauntletrubyparser.rb in the rubyparser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp...
CVE-2013-0162
The diffpp function in lib/gauntletrubyparser.rb in the rubyparser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp...
CVE-2013-0162
CVE-2013-0162 affects the ruby_parser gem (diff_pp function in lib/gauntlet_rubyparser.rb) and earlier 3.1.1, where temporary file handling in /tmp is insecure. This allows a local attacker to craft a symlink attack that can overwrite arbitrary files accessible to the Ruby process. The vulnerabil...
CVE-2013-0162
The diffpp function in lib/gauntletrubyparser.rb in the rubyparser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp...
RubyGems 'ruby_parser' 不安全临时文件创建漏洞(CVE-2013-0162)
Bugtraq ID:58110 CVE ID: CVE-2013-0162 RubyGems简称 gems是一个用于对Rails组件进行打包的Ruby打包系统。 rubyparser ruby gem没有以安全的方式创建临时文件,/usr/share/gems/gems/rubyparser-2.0.4/lib/gauntletrubyparser.rb的diffpp函数创建的/tmp/a.pid和/tmp/b.pid临时文件可被猜测,通过符号链接攻击可覆盖系统文件或更改目标系统文件内容,造成拒绝服务或可提升权限。 0 RubyGems 厂商解决方案...
FreeBSD : rubygem-ruby_parser -- insecure tmp file usage (e1aa3bdd-839a-4a77-8617-cca439a8f9fc)
Michael Scherer reports : This is a relatively minor tmp file usage issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2018 Jacques Vidrine and contributors Redistributi...
CVE-2013-0162 rubygem-ruby_parser: incorrect temporary file usage / Public Service Announcement
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is a relatively minor issue, hence no embargo. Michael Scherer [email protected] of Red Hat found: Looking for incorrect /tmp/ usage, I found the following piece of code in /usr/share/gems/gems/rubyparser-2.0.4/lib/gauntletrubyparser.rb...
rubygem-ruby_parser -- insecure tmp file usage
Michael Scherer reports: This is a relatively minor tmp file usage issue...