12 matches found
EUVD-2017-0236
Malware in sbrugna...
EUVD-2018-0470
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-16892
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allow...
Linux Distros Unpatched Vulnerability : CVE-2017-5946
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker...
SUSE CVE-2018-1000544
rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file...
SUSE CVE-2019-16892
In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service disk consumption...
cfme: rubygem-rubyzip denial of service via crafted ZIP file
A vulnerability in Rubyzip, versions prior to 1.3.0, allows a crafted ZIP file to bypass application checks on ZIP entry sizes. This allows an attacker to spoof data regarding the uncompressed size of the ZIP file, causing a denial of service due to disk consumption. Availability of the system is...
Moderate: Red Hat Security Advisory: CloudForms 4.6.5 security, bug fix and enhancement update
An update is now available for CloudForms Management Engine 5.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
GHSA-VQCQ-MRMW-MCMG Rubyzip gem contains a Directory Traversal vulnerability in zip file component
rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file...
GHSA-3Q5Q-F79Q-7HR2 High severity vulnerability that affects rubyzip
Withdrawn, accidental duplicate publish. The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the...
Directory Traversal
rubyzip is vulnerable to directory traversal attacks. A malicious user can pass zip file containing files with the / character or a zip file with a symlink to cause a directory traversal. This is related to CVE-2017-5946...
Path Traversal
rubyzip is vulnerable to a path traversal vulnerability. Through the use of ..\ in file names within a zip folder, attackers can traverse folders outside of the intended directory on a Windows based system...