Download
| Alert*
oval:org.secpod.oval:def:1800958
Ruby has multiple vulnerabilities: CVE-2017-17742: HTTP response splitting in WEBrick CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir CVE-2018-8777: DoS by large request in WEBrick CVE-2018-8778: Buffer under-read in String#unpack CVE-2018-877 ... oval:org.secpod.oval:def:114608 Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks . It is simple, straight-forward, and extensible. oval:org.secpod.oval:def:1600867 Path traversal when writing to a symlinked basedir outside of the rootRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerab ... oval:org.secpod.oval:def:52071 ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby. oval:org.secpod.oval:def:53383 Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may result in incorrect processing of HTTP/FTP, directory traversal, command injection, unintended socket creation or information disclosure. This update also fixes several issues in RubyGems which could all ... oval:org.secpod.oval:def:503241 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix: * ruby: HTTP response splitting in WEBrick * ruby: DoS by large request in WEBrick * ruby: Buffer under-read in String#unpack * ruby ... oval:org.secpod.oval:def:704180 ruby2.3: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language - ruby2.0: Object-oriented scripting language Several security issues were fixed in Ruby. oval:org.secpod.oval:def:89050926 This update for ruby2.5 and ruby-bundled-gems-rpmhelper fixes the following issues: Changes in ruby2.5: Update to 2.5.5 and 2.5.4: https://www.ruby-lang.org/en/news/2019/03/15/ruby-2-5-5-released/ https://www.ruby-lang.org/en/news/2019/03/13/ruby-2-5-4-released/ Security issues fixed: - CVE-2019-832 ... oval:org.secpod.oval:def:504995 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby25-ruby , rh-ruby25-rubygems , rh-ruby25-rubygem-openssl . Security Fi ... oval:org.secpod.oval:def:504912 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby23-ruby , rh-ruby23-rubygems . Security Fix: * ruby: OpenSSL::X509::Na ... oval:org.secpod.oval:def:1800960 Ruby has multiple vulnerabilities: CVE-2017-17742: HTTP response splitting in WEBrick CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir CVE-2018-8777: DoS by large request in WEBrick CVE-2018-8778: Buffer under-read in String#unpack CVE-2018-877 ... oval:org.secpod.oval:def:1800961 Ruby has multiple vulnerabilities: CVE-2017-17742: HTTP response splitting in WEBrick CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir CVE-2018-8777: DoS by large request in WEBrick CVE-2018-8778: Buffer under-read in String#unpack CVE-2018-877 ... oval:org.secpod.oval:def:1504304 [2.0.0.648-36] - Introduce "Gem::UserInteraction#verbose" method as precondition to fix CVE-2019-8321. * rubygems-2.3.0-refactor-checking-really_verbose.patch - Fix escape sequence injection vulnerability in verbose. - Fix escape sequence injection vulnerability in gem owner. Resolves: CVE-2019-8322 ... oval:org.secpod.oval:def:48675 The host is installed with Apple Mac OS X 10.12.6 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle issues related to ruby. Successful exploitation may allow attackers to cause unexpected application termination or arbitrary code ... oval:org.secpod.oval:def:205330 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix: * ruby: HTTP response splitting in WEBrick * ruby: DoS by large request in WEBrick * ruby: Buffer under-read in String#unpack * ruby ... oval:org.secpod.oval:def:504880 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby24-ruby , rh-ruby24-rubygems , rh-ruby24-rubygem-bigdecimal , rh-ruby24 ... oval:org.secpod.oval:def:114573 Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks . It is simple, straight-forward, and extensible. oval:org.secpod.oval:def:1700208 It was found that WEBrick could be forced to use an excessive amount of memory during the processing of HTTP requests, leading to a Denial of Service. An attacker could use this flaw to send huge requests to a WEBrick application, resulting in the server running out of memory. It was found that the ... oval:org.secpod.oval:def:603472 Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may result in incorrect processing of HTTP/FTP, directory traversal, command injection, unintended socket creation or information disclosure. This update also fixes several issues in RubyGems which could all ... oval:org.secpod.oval:def:89002928 This update for ruby2.1 fixes the following issues: Security issues fixed: - CVE-2015-9096: Fixed an SMTP command injection via CRLFsequences in a RCPT TO or MAIL FROM command . - CVE-2016-7798: Fixed an IV Reuse in GCM Mode . - CVE-2017-0898: Fixed a buffer underrun vulnerability in Kernel.sprintf ... oval:org.secpod.oval:def:48684 The host is installed with Apple Mac OS X through 10.12.6, 10.13.6 or 10.14 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle multiple issues. Successful exploitation allows remote attackers to execute arbitrary code or read restricted ... oval:org.secpod.oval:def:2103534 Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default val ... oval:org.secpod.oval:def:2103546 The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have security relevance as ... |