2168 matches found
Data Injection Vulnerability in moped Rubygem
A flaw in the ObjectId validation regular expression can enable attackers to inject arbitrary information into a given BSON object...
FreeBSD : rubygem-redcarpet -- XSS vulnerability (c368155a-fa83-11e4-bc58-001e67150279)
Daniel LeCheminant reports: When markdown is being presented as HTML, there seems to be a strange interaction between and @ that lets an attacker insert malicious tags.
openSUSE Security Update : rubygem-rest-client (openSUSE-2015-307)
rubygem-rest-client was updated to fix one security issue. The following vulnerability was fixed: - Application logging of password information in plaintext could have allowed a local attacker to gain access to this information bnc917802
SUSE-SU-2015:0787-1 Security update for rubygem-sprockets-2_11
This update for rubygem-sprockets-2_11 provides the following security fix: Arbitrary file existence disclosure (bnc903658, CVE-2014-7819). Security Issues: CVE-2014-7819...
rubygem-redcarpet -- XSS vulnerability
Daniel LeCheminant reports: When markdown is being presented as HTML, there seems to be a strange interaction between and @ that lets an attacker insert malicious tags...
openSUSE Security Update : rubygem-bundler (openSUSE-2015-275)
rubygem-bundler was updated to fix security vulnerabilities and non-security issues. The following security issues were fixed: - Hide credentials while warning about gems with ambiguous sources - Warn when more than one top-level source is present - Bundler may install gems from a different source...
CVE-2015-1820 rubygem-rest-client: session fixation vulnerability Set-Cookie headers present in HTTP 30x redirection responses
REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect...
SUSE-SU-2015:0795-1 Security update for rubygem-bundler
The Rubygem Bundler was updated to version 1.7.0. Bundler 1.7 is a security-only release to address CVE-2013-0334, a vulnerability where a gem might be installed from an unintended source server, particularly while using both rubygems.org and gems.github.com. Upstream changes entry with more...
Fedora 20 : rubygem-actionpack-4.0.0-5.fc20 (2014-15371)
Fixes for CVE-2014-7818 rhbz1163511 and CVE-2014-7829 rhbz1165077 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora Update for rubygem-actionpack FEDORA-2014-15371
The remote host is missing an update for the... SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only
[SECURITY] Fedora 20 Update: rubygem-actionpack-4.0.0-5.fc20
Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser...
Fedora Update for rubygem-actionpack FEDORA-2014-15342
The remote host is missing an update for the...
Fedora Update for rubygem-sprockets FEDORA-2014-15413
The remote host is missing an update for the...
Fedora 21 : rubygem-sprockets-2.12.1-3.fc21 (2014-15413)
Contains fix for CVE-2014-7819 rubygem-sprockets: arbitrary file existence disclosure
Fedora Update for rubygem-sprockets FEDORA-2014-15489
The remote host is missing an update for the...
Fedora 21 : rubygem-actionpack-4.1.5-2.fc21 (2014-15342)
Fixes for CVE-2014-7818 rhbz1163511 and CVE-2014-7829 rhbz1165077
Fedora 20 : rubygem-sprockets-2.8.2-5.fc20 (2014-15489)
Contains fix for CVE-2014-7819 rubygem-sprockets: arbitrary file existence disclosure
[SECURITY] Fedora 21 Update: rubygem-actionpack-4.1.5-2.fc21
Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser...
[SECURITY] Fedora 20 Update: rubygem-sprockets-2.8.2-5.fc20
Sprockets is a Rack-based asset packaging system that concatenates and serves JavaScript, CoffeeScript, CSS, LESS, Sass, and SCSS...
Fedora 20 : rubygem-passenger-4.0.53-3.fc20 (2015-1151)
build for f20 1058993