
11 matches found

Oracle linux
added 2025/11/25 12:0 a.m., 5 views

pcs security update

0.11.10-1.el97.1 - Fixed CVE-2025-59830, CVE-2025-61770, CVE-2025-61771, CVE-2025-61772, CVE-2025-61919 by updating bundled rubygem rack Resolves: RHEL-120945, RHEL-121035, RHEL-123630, RHEL-123642, RHEL-124938
0.11.10-1 - Rebased pcs to the latest sources see CHANGELOG.md Resolves: RHEL-77194,...

CVSS: 7.5, AI score: 7, EPSS: 0.00868
Exploits: 0

OSV
added 2024/09/13 8:27 a.m., 20 views

RHSA-2014:0207 Red Hat Security Advisory: rubygems security update

Bulletin has no description...

CVSS: 4.3, AI score: 5.5, EPSS: 0.03343
Exploits: 0, References: 8

Oracle linux
added 2024/05/23 12:0 a.m., 47 views

pcs security update

0.10.18-2.0.1 - Replace HAM-logo.png with a generic one
0.10.18-2 - Fixed CVE-2024-25126, CVE-2024-26141, CVE-2024-26146 in bundled dependency rack Resolves: RHEL-26445, RHEL-26447, RHEL-26449
0.10.18-1 - Rebased to the latest sources see CHANGELOG.md Resolves: RHEL-7741
0.10.17-6 - Rebased to th...

CVSS: 7.5, AI score: 6.9, EPSS: 0.35376
Exploits: 2

Snyk
added 2022/05/13 1:38 a.m., 3 views

Deserialization of Untrusted Data

Overview: rubygems-update is an inbuilt rubygem for updating rubygems. Affected versions of this package are vulnerable to Deserialization of Untrusted Data when YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to...

CVSS: 9.8, AI score: 8, EPSS: 0.15853
Exploits: 1, References: 2

Snyk
added 2022/05/01 5:44 p.m., 2 views

Denial of Service (DoS)

Overview: rubygems-update is an inbuilt rubygem for updating rubygems. Affected versions of this package are vulnerable to Denial of Service (DoS) via the extract_files function in installer.rb, which does not check whether files exist before overwriting them, which allows user-assisted remote...

CVSS: 9.3, AI score: 8, EPSS: 0.04826
Exploits: 0, References: 2

Snyk
added 2019/06/20 4:6 p.m., 2 views

Directory Traversal

Overview: rubygems-update is an inbuilt rubygem for updating rubygems. Affected versions of this package are vulnerable to Directory Traversal. Before making new directories or touching files which now include path-checking code for symlinks, it would delete the target destination. If that...

CVSS: 8.8, AI score: 7.5, EPSS: 0.04212
Exploits: 1, References: 2

Snyk
added 2019/06/20 4:6 p.m., 2 views

Arbitrary Code Injection

Overview: rubygems-update is an inbuilt rubygem for updating rubygems. Affected versions of this package are vulnerable to Arbitrary Code Injection due to the Gem::UserInteraction#verbose function, which calls say without escaping. Remediation: Upgrade rubygems-update to version 2.7.9, 3.0.3 or highe...

CVSS: 7.5, AI score: 7.3, EPSS: 0.03372
Exploits: 0, References: 2

Snyk
added 2019/06/20 4:6 p.m., 3 views

Arbitrary Code Injection

Overview: rubygems-update is an inbuilt rubygem for updating rubygems. Affected versions of this package are vulnerable to Arbitrary Code Injection because the gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence...

CVSS: 7.5, AI score: 7.8, EPSS: 0.03372
Exploits: 0, References: 2

Snyk
added 2019/06/20 4:5 p.m., 1 views

Arbitrary Code Injection

Overview: rubygems-update is an inbuilt rubygem for updating rubygems. Affected versions of this package are vulnerable to Arbitrary Code Injection. Gem::GemcutterUtilities#with_response may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence...

CVSS: 7.5, AI score: 7.5, EPSS: 0.03372
Exploits: 0, References: 2

OSV
added 2017/09/26 12:0 a.m., 45 views

DLA-1112-1 rubygems - security update

Bulletin has no description...

CVSS: 7.5, AI score: 8.7, EPSS: 0.29442
Exploits: 3

OSV
added 2015/09/08 5:55 p.m., 10 views

MGASA-2015-0345 Updated ruby-RubyGems packages fix security vulnerabilities

Updated ruby-RubyGems package fixes security vulnerability: RubyGems does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack" (CVE-2015-3900)...

CVSS: 5, AI score: 5.7, EPSS: 0.08934
Exploits: 0, References: 3