ROS-20240328-05

Vulnerability of icmpping function of Zabbix universal monitoring system is related to errors in input data processing. of input data. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code Vulnerability of the smart.disk.get edent of the Zabbix...

BIT-RUBY-2021-41819

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...

PT-2023-7982 · Zabbix +4 · Zabbix +4

Name of the Vulnerable Software and Affected Versions: Zabbix versions affected versions not specified Description: The issue is related to the incorrect handling of security prefixes in cookie names, specifically the zbx session cookie, which can allow a remote attacker to elevate their...

Rocky Linux 8 : ruby:2.5 (RLSA-2022:5779)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5779 advisory. - Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS regular expression Denial of Service via a long string. The fixed versions are 3.2.1,...

SUSE CVE-2021-41819

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...

ruby: Cookie prefix spoofing in CGI::Cookie.parse

A flaw was found in Ruby. RubyGems cgi gem could allow a remote attacker to conduct spoofing attacks caused by the mishandling of security prefixes in cookie names in the CGI::Cookie.parse function. By sending a specially-crafted request, an attacker could perform cookie prefix spoofing attacks...

ruby: Cookie prefix spoofing in CGI::Cookie.parse

A flaw was found in Ruby. RubyGems cgi gem could allow a remote attacker to conduct spoofing attacks caused by the mishandling of security prefixes in cookie names in the CGI::Cookie.parse function. By sending a specially-crafted request, an attacker could perform cookie prefix spoofing attacks...

Oracle Linux 8 : ruby:2.5 (ELSA-2022-5779)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5779 advisory. - Fix by adding length limit option for methods that parses date strings. Resolves: CVE-2021-41817 Tenable has extracted the preceding description bloc...

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2022-1515)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2022-1496)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...

ruby: Cookie prefix spoofing in CGI::Cookie.parse

A flaw was found in Ruby. RubyGems cgi gem could allow a remote attacker to conduct spoofing attacks caused by the mishandling of security prefixes in cookie names in the CGI::Cookie.parse function. By sending a specially-crafted request, an attacker could perform cookie prefix spoofing attacks...

OESA-2022-1497 ruby security update

Object-oriented scripting language interpreter. Security Fixes: CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.CVE-2021-41819...

Cookie Prefix Spoofing in CGI::Cookie.parse

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem prior to versions 0.3.1, 0.2.1, 0.1.1, and 0.1.0.1 for Ruby...

Code injection

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...

CVE-2021-41819

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...

CVE-2021-41819

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...

Debian DLA-2853-1 : ruby2.3 - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2853 advisory. - Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS regular expression Denial of Service via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2...

rubygem-cgi -- cookie prefix spoofing in CGI::Cookie.parse

oooooooq reports: The old versions of CGI::Cookie.parse applied URL decoding to cookie names. An attacker could exploit this vulnerability to spoof security prefixes in cookie names, which may be able to trick a vulnerable application. By this fix, CGI::Cookie.parse no longer decodes cookie names...