Lucene search
K

146 matches found

Debian
Debian
added 2017/11/11 2:46 p.m.42 views

[SECURITY] [DSA 4031-1] ruby2.3 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4031-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 11, 2017 https://www.debian.org/security/faq -...

9.3CVSS1.8AI score0.16412EPSS
Exploits2
Debian
Debian
added 2017/11/11 2:46 p.m.50 views

[SECURITY] [DSA 4031-1] ruby2.3 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4031-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 11, 2017 https://www.debian.org/security/faq -...

9.8CVSS10AI score0.16412EPSS
Exploits2
OpenVAS
OpenVAS
added 2017/11/10 12:0 a.m.45 views

Debian: Security Advisory (DSA-4031-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9AI score0.16412EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2017/10/27 12:0 a.m.55 views

Amazon Linux AMI : ruby24 (ALAS-2017-915)

Arbitrary heap exposure during a JSON.generate call Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte,...

9.8CVSS7.8AI score0.29442EPSS
Exploits8References10
Amazon
Amazon
added 2017/10/26 12:0 a.m.64 views

Medium: ruby24

Issue Overview: Arbitrary heap exposure during a JSON.generate call Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a...

9.8CVSS9.8AI score0.29442EPSS
Exploits8
Mageia
Mageia
added 2017/10/18 8:19 p.m.42 views

Updated ruby packages fix security vulnerabilities

If a malicious format string which contains a precious specifier is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such situation, the result may contains heap, or the Ruby interpreter may crash CVE-2017-0898. If a malicious string is passed to th...

9.8CVSS0.5AI score0.16412EPSS
Exploits2References8
OSV
OSV
added 2017/10/18 8:19 p.m.8 views

MGASA-2017-0371 Updated ruby packages fix security vulnerabilities

If a malicious format string which contains a precious specifier is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such situation, the result may contains heap, or the Ruby interpreter may crash CVE-2017-0898. If a malicious string is passed to th...

9.8CVSS8.8AI score0.16412EPSS
Exploits2References9
Tenable Nessus
Tenable Nessus
added 2017/10/03 12:0 a.m.59 views

Amazon Linux AMI : ruby22 / ruby23 (ALAS-2017-906)

SMTP command injection via CRLF sequences in RCPT TO or MAIL FROM commands in Net::SMTP A SMTP command injection flaw was found in the way Ruby's Net::SMTP module handled CRLF sequences in certain SMTP commands. An attacker could potentially use this flaw to inject SMTP commands in a SMTP session...

9.8CVSS7.8AI score0.29442EPSS
Exploits9References11
Amazon
Amazon
added 2017/10/02 12:0 a.m.108 views

Medium: ruby22, ruby23

Issue Overview: SMTP command injection via CRLF sequences in RCPT TO or MAIL FROM commands in Net::SMTP A SMTP command injection flaw was found in the way Ruby's Net::SMTP module handled CRLF sequences in certain SMTP commands. An attacker could potentially use this flaw to inject SMTP commands i...

9.8CVSS9.5AI score0.29442EPSS
Exploits9
Tenable Nessus
Tenable Nessus
added 2017/09/27 12:0 a.m.37 views

Debian DLA-1113-1 : ruby1.8 security update

Some vulnerabilities were found in the Ruby 1.8 package that affects the LTS distribution. CVE-2017-0898 Buffer underrun vulnerability in Kernel.sprintf CVE-2017-10784 Escape sequence injection vulnerability in the Basic authentication of WEBrick For Debian 7 'Wheezy', these problems have been...

9.3CVSS7.2AI score0.16412EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2017/09/27 12:0 a.m.44 views

Debian DLA-1114-1 : ruby1.9.1 security update

Multiple vulnerabilities were discovered in the Ruby 1.9 interpretor. CVE-2017-0898 Buffer underrun vulnerability in Kernel.sprintf CVE-2017-0899 ANSI escape sequence vulnerability CVE-2017-0900 DOS vulernerability in the query command CVE-2017-0901 gem installer allows a malicious gem to overwri...

9.8CVSS7.2AI score0.29442EPSS
Exploits6References9
Debian
Debian
added 2017/09/26 9:16 p.m.59 views

[SECURITY] [DLA 1114-1] ruby1.9.1 security update

Package : ruby1.9.1 Version : 1.9.3.194-8.1+deb7u6 CVE ID : CVE-2017-0898 CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 CVE-2017-10784 CVE-2017-14033 CVE-2017-14064 Debian Bug : 873802 873906 875928 875931 875936 Multiple vulnerabilities were discovered in the Ruby 1.9 interpretor. CVE-2017-0898 Buff...

9.8CVSS9.4AI score0.29442EPSS
Exploits6
Debian
Debian
added 2017/09/26 9:16 p.m.37 views

[SECURITY] [DLA 1113-1] ruby1.8 security update

Package : ruby1.8 Version : 1.8.7.358-7.1+deb7u4 CVE ID : CVE-2017-0898 CVE-2017-10784 Debian Bug : 875931 875936 Some vulnerabilities were found in the Ruby 1.8 package that affects the LTS distribution. CVE-2017-0898 Buffer underrun vulnerability in Kernel.sprintf CVE-2017-10784 Escape sequence...

9.3CVSS9.2AI score0.16412EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2017/09/20 12:0 a.m.45 views

FreeBSD : ruby -- multiple vulnerabilities (95b01379-9d52-11e7-a25c-471bafc3262f)

Ruby blog : CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf If a malicious format string which contains a precious specifier is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such situation, the result may contains heap, or the Ruby...

9.8CVSS7.1AI score0.16412EPSS
Exploits2References10
RedhatCVE
RedhatCVE
added 2017/09/14 9:48 p.m.38 views

CVE-2017-14033

It was found that the decode method of the OpenSSL::ASN1 module was vulnerable to buffer underrun. An attacker could pass a specially crafted string to the application in order to crash the ruby interpreter, causing a denial of service...

7.5CVSS3.1AI score0.07734EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2017/09/14 12:0 a.m.39 views

ruby -- multiple vulnerabilities

Ruby blog: CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf If a malicious format string which contains a precious specifier is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such situation, the result may contains heap, or the Ruby...

9.8CVSS9.4AI score0.16412EPSS
Exploits2References5
RubySec
RubySec
added 2017/09/14 12:0 a.m.42 views

Buffer underrun vulnerability in Kernel.sprintf

There is a buffer underrun vulnerability in the sprintf method of Kernel module. If a malicious format string which contains a precious specifier is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such situation, the result may contains heap, or th...

9.1CVSS1.6AI score0.09718EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2017/09/14 12:0 a.m.4 views

Buffer underrun vulnerability in Kernel.sprintf

There is a buffer underrun vulnerability in the sprintf method of Kernel module. If a malicious format string which contains a precious specifier is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such situation, the result may contains heap, or th...

9.1CVSS7.5AI score0.09718EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2017/09/14 12:0 a.m.31 views

Buffer underrun vulnerability in OpenSSL ASN1 decode

There is a buffer underrun vulnerability in OpenSSL bundled by Ruby. If a malicious string is passed to the decode method of OpenSSL::ASN1, buffer underrun may be caused and the Ruby interpreter may crash. All users running an affected release should either upgrade or use one of the workarounds...

7.5CVSS6.9AI score0.07734EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2016/12/20 12:0 a.m.28 views

SUSE SLES11 Security Update : xorg-x11-libs (SUSE-SU-2016:3189-1)

This update for xorg-x11-libs fixes the following issues : - insufficient validation of data from the X server can cause a one byte buffer read underrun bsc1003023, CVE-2016-7953 - insufficient validation of data from the X server can cause out of boundary memory access or endless loops Denial of...

9.8CVSS7.3AI score0.03629EPSS
Exploits0References19
Rows per page
Query Builder