Lucene search
+L

12 matches found

euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-0470

Malware in sbrugna...

9.8CVSS7.1AI score0.04499EPSS
Exploits1References9
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-0236

Malware in sbrugna...

9.8CVSS7.9AI score0.0347EPSS
Exploits0References11
nessus
nessus
added 2025/08/27 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2019-16892

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allow...

7.1CVSS6.2AI score0.01581EPSS
Exploits1References2
nessus
nessus
added 2025/08/25 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2017-5946

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker...

9.8CVSS7.8AI score0.0347EPSS
Exploits0References2
susecve
susecve
added 2023/02/15 4:19 a.m.5 views

SUSE CVE-2018-1000544

rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file...

9.8CVSS7.6AI score0.04499EPSS
Exploits1References3
susecve
susecve
added 2023/02/15 4:7 a.m.3 views

SUSE CVE-2019-16892

In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service disk consumption...

5.5CVSS5.4AI score0.01581EPSS
Exploits1References3
redhat
redhat
added 2019/12/13 12:36 a.m.4 views

cfme: rubygem-rubyzip denial of service via crafted ZIP file

A vulnerability in Rubyzip, versions prior to 1.3.0, allows a crafted ZIP file to bypass application checks on ZIP entry sizes. This allows an attacker to spoof data regarding the uncompressed size of the ZIP file, causing a denial of service due to disk consumption. Availability of the system is...

7.1CVSS6.4AI score0.01581EPSS
Exploits1References4
redhat
redhat
added 2018/11/05 1:58 p.m.576 views

Moderate: Red Hat Security Advisory: CloudForms 4.6.5 security, bug fix and enhancement update

An update is now available for CloudForms Management Engine 5.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

9.8CVSS7.2AI score0.04499EPSS
Exploits1References68
osv
osv
added 2018/09/06 3:27 a.m.32 views

GHSA-VQCQ-MRMW-MCMG Rubyzip gem contains a Directory Traversal vulnerability in zip file component

rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file...

9.8CVSS9.3AI score0.04499EPSS
Exploits1References7
osv
osv
added 2018/07/31 6:21 p.m.5 views

GHSA-3Q5Q-F79Q-7HR2 High severity vulnerability that affects rubyzip

Withdrawn, accidental duplicate publish. The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the...

9.8CVSS9.5AI score0.0347EPSS
Exploits0References2
veracode
veracode
added 2018/06/19 7:25 a.m.32 views

Directory Traversal

rubyzip is vulnerable to directory traversal attacks. A malicious user can pass zip file containing files with the / character or a zip file with a symlink to cause a directory traversal. This is related to CVE-2017-5946...

9.8CVSS9AI score0.04499EPSS
Exploits1References7Affected Software1
veracode
veracode
added 2018/02/26 12:55 a.m.15 views

Path Traversal

rubyzip is vulnerable to a path traversal vulnerability. Through the use of ..\ in file names within a zip folder, attackers can traverse folders outside of the intended directory on a Windows based system...

6.6AI score
Exploits0
Rows per page
Query Builder