2170 matches found
CVE-2019-16779
In CVE-2019-16779, RubyGem excon before 0.71.0 contains a race condition on persistent connections where an interrupted connection can leave data on the socket, causing subsequent requests to return content from the previous response. This affects ruby-excon packages across multiple distributions...
In RubyGem excon, interrupted Persistent Connections May Leak Response Data
Impact: There was a race condition around persistent connections, where a connection that is interrupted (such as by a timeout) would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short,...
GHSA-Q58G-455P-8VW9 In RubyGem excon, interrupted Persistent Connections May Leak Response Data
Impact: There was a race condition around persistent connections, where a connection that is interrupted (such as by a timeout) would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short,...
CVE-2014-0241
rubygem-hammercliforeman: File /etc/hammer/cli.modules.d/foreman.yml world readable...
Design/Logic Flaw
rubygem-hammercliforeman: File /etc/hammer/cli.modules.d/foreman.yml world readable...
CVE-2014-0241
CVE-2014-0241 concerns rubygem-hammer_cli_foreman: the file /etc/hammer/cli.modules.d/foreman.yml is world-readable, allowing a local user to read potentially sensitive configuration data (e.g., usernames or passwords). Public sources in the provided documents corrobo...
CVE-2013-4593
RubyGem omniauth-facebook has an access token security vulnerability...
CVE-2013-4593
CVE-2013-4593 concerns the RubyGem omniauth-facebook. The connected sources describe a flaw where the access token can be transmitted via the URL, enabling a remote attacker to bypass authentication and impersonate another user. This results in an authentication bypass vulnerability within the om...
Command injection
rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.parse to perform command injection...
CVE-2013-2095
CVE-2013-2095 affects rubygem openshift-origin-controller. The vulnerability allows command injection through the API by crafting a cartridge_cache.rb URI.parse() payload to create applications. PoC demonstrates the exploit; multiple advisories confirm the issue. Remediation: there is no fixed ve...
CVE-2013-2095
rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.parse to perform command injection...
Fedora Update for rubygem-rmagick FEDORA-2019-4504010099
The remote host is missing an update for the...
rack -- information leak / session hijack vulnerability
National Vulnerability Database: There's a possible information leak / session hijack vulnerability in Rack RubyGem rack. This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are...
Fedora 30 : 1:ImageMagick / rubygem-rmagick (2019-4504010099)
Numerous security and bug fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. (C) Tenable Network...
Fedora 31 : 1:ImageMagick / rubygem-rmagick (2019-ba7247edcf)
Numerous security and bug fixes.
Fedora Update for rubygem-rubyzip FEDORA-2019-52445dce42
The remote host is missing an update for the...
Fedora 29 : rubygem-rubyzip (2019-52445dce42)
Fix CVE-2019-16892 denial of service via crafted ZIP file.