Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2020/12/01 5:29 p.m.54 views

CVE-2020-29374

An issue was discovered in the Linux kernel related to mm/gup.c and mm/hugememory.c. The getuserpages aka gup implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended read access. Mitigation Mitigation for...

3.3CVSS0.8AI score0.00399EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2020/08/12 12:0 a.m.24 views

Debian DSA-4743-1 : ruby-kramdown - security update

A flaw was discovered in ruby-kramdown, a fast, pure ruby, Markdown parser and converter, which could result in unintended read access to files or unintended embedded Ruby code execution when the ::options / extension is used together with the 'template' option. The update introduces a new option...

9.8CVSS8.5AI score0.0456EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2020/08/10 12:0 a.m.27 views

Debian DLA-2316-1 : ruby-kramdown security update

ruby-kramdown processes the template option inside Kramdown documents by default, which allows unintended read access such as template='/etc/passwd' or unintended embedded Ruby code execution such as a string that begins with template='string://%= . NOTE: kramdown is used in Jekyll, GitLab Pages,...

9.8CVSS8AI score0.0456EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2020/08/07 10:27 p.m.62 views

Unintended read access in kramdown gem

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...

9.8CVSS2.6AI score0.0456EPSS
Exploits0References15Affected Software1
UbuntuCve
UbuntuCve
added 2020/07/17 4:15 p.m.29 views

CVE-2020-14001

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...

9.8CVSS7.6AI score0.0456EPSS
Exploits0References9
AlpineLinux
AlpineLinux
added 2020/07/17 3:27 p.m.49 views

CVE-2020-14001

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...

9.8CVSS9.6AI score0.0456EPSS
Exploits0
Debian CVE
Debian CVE
added 2020/07/17 3:27 p.m.24 views

CVE-2020-14001

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...

9.8CVSS9.6AI score0.0456EPSS
Exploits0
RubySec
RubySec
added 2020/06/28 12:0 a.m.29 views

Unintended read access in kramdown gem

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...

9.8CVSS2.6AI score0.0456EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder