CVE-2019-8325
The CVE-2019-8325 issue is a vulnerability in RubyGems where Gem::CommandManager#run calls alert_error without escaping, enabling escape sequence injection (described as multiple ways to trigger an error). The connected Debian advisory confirms the impact is present in JRuby packages and lists CV...
CVE-2019-8325
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. There are many ways to cause an error...
rubygems: Escape sequence injection vulnerability in API response handling
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilities#with_response may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur...
rubygems: Escape sequence injection vulnerability in gem owner
An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur...
rubygems: Escape sequence injection vulnerability in verbose
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible...
Design/Logic Flaw
Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162C01E160R1P12/C01E160R2P1 and P30 Pro versions before VOG-AL00 9.1.0.162C01E160R1P12/C01E160R2P1, are exposed to a message replay vulnerability. For the sake of better compatibility, these devices implement a less strict check on th...
CVE-2019-5307
Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162C01E160R1P12/C01E160R2P1 and P30 Pro versions before VOG-AL00 9.1.0.162C01E160R1P12/C01E160R2P1, are exposed to a message replay vulnerability. For the sake of better compatibility, these devices implement a less strict check on th...
Exploit for Use After Free in Microsoft
CVE-2019-0708 - BlueKeep RDP RDP Connection Sequence:...
EulerOS 2.0 SP5 : ruby (EulerOS-SA-2019-1597)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - rubygems: Installing a malicious gem may lead to arbitrary code execution (CVE-2019-8324) - rubygems: Escape sequence injection vulnerability in gem...
ruby, rubygem, rubygems security update
CentOS Errata and Security Advisory CESA-2019:1235. An update for ruby is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Debian DLA-1796-1 : jruby security update
Multiple vulnerabilities have been discovered in jruby, a Java implementation of the Ruby programming language. CVE-2018-1000074: Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appears to be exploitable via victim must run the gem owner...
Detailed technical analysis of the CPU side-channel vulnerability "ZombieLoad" disclosed by Intel on May 15 - vulnerability warning - the black bar safety net
Software sequences to overwrite buffers: On processors that do not enumerate the MD_CLEAR functionality, certain instruction sequences can be used to overwrite the buffers affected by MDS. A detailed review of these sequences is linked here. Different processors may require different sequence...
Escape Sequence Injection
Rubygems is vulnerable to escape sequence injection in verbose...
Escape Sequence Injection
Ruby is vulnerable to escape sequence injection. The vulnerability exists in an unknown code block of the component API Response Handler, where the gem owner command outputs the contents of the API response directly to stdout. An attacker could cause an escape sequence injection via a...
Escape Sequence Injection
Ruby is vulnerable to escape sequence injection. The vulnerability exists in the function Gem::CommandManager#run. Calling alert_error without escaping may cause escape sequence injection attacks...
Escape Sequence Injection
Ruby is vulnerable to escape sequence injection. This exists in the function Gem::GemcutterUtilities#with_response of the component API Response Handler. Gem::GemcutterUtilities#with_response may output the API response to stdout without any change. Modifications in the response from API side may cau...
Denial Of Service (DoS)
Linux kernel is vulnerable to denial of service (DoS) attacks. This is because the Salsa20 encryption algorithm does not correctly handle zero-length inputs. This allows a local attacker to use the AF_ALG-based skcipher interface to cause a denial of service (uninitialized-memory free and kernel crash) or...
ruby security update
2.0.0.648-35 - Introduce method as precondition to fix CVE-2019-8321. rubygems-2.3.0-refactor-checking-reallyverbose.patch - Fix escape sequence injection vulnerability in verbose. - Fix escape sequence injection vulnerability in gem owner. - Fix escape sequence injection vulnerability in API...
Oracle Linux 7 : ruby (ELSA-2019-1235)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-1235 advisory. - Introduce method as precondition to fix CVE-2019-8321. rubygems-2.3.0-refactor-checking-reallyverbose.patch Tenable has extracted the preceding...