
oval:org.secpod.oval:def:106673
rubygems is installed

oval:org.secpod.oval:def:701015
rubygems: package management framework for Ruby libraries/applications. RubyGems could be made to download and install malicious gem files.

oval:org.secpod.oval:def:1601262
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.

oval:org.secpod.oval:def:1600320
Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service vi ...

oval:org.secpod.oval:def:106008
RubyGems is the Ruby standard for publishing and managing third party libraries.

oval:org.secpod.oval:def:109430
RubyGems is the Ruby standard for publishing and managing third party libraries.

oval:org.secpod.oval:def:109466
RubyGems is the Ruby standard for publishing and managing third party libraries.

oval:org.secpod.oval:def:1600287
Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service via a crafte ...

oval:org.secpod.oval:def:1500268
An updated rubygems package that fixes three security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avail ...

oval:org.secpod.oval:def:105924
RubyGems is the Ruby standard for publishing and managing third party libraries.

oval:org.secpod.oval:def:702016
rubygems is installed

oval:org.secpod.oval:def:202952
RubyGems is the Ruby standard for publishing and managing third-party libraries. It was found that RubyGems did not verify SSL connections. This could lead to man-in-the-middle attacks. It was found that, when using RubyGems, the connection could be redirected from HTTPS to HTTP. This could lead to ...

oval:org.secpod.oval:def:113615
RubyGems is the Ruby standard for publishing and managing third party libraries.

oval:org.secpod.oval:def:113132
RubyGems is the Ruby standard for publishing and managing third party libraries.

oval:org.secpod.oval:def:1701666
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.

oval:org.secpod.oval:def:1701704
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.

oval:org.secpod.oval:def:1701703
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1. A ReDo ...

oval:org.secpod.oval:def:1701677
A flaw was found in ruby, where the date object was found to be vulnerable to a regular expression denial of service during the parsing of dates. This flaw allows an attacker to hang a ruby application by providing a specially crafted date string. The highest threat to this vulnerability is system ...

oval:org.secpod.oval:def:1701670
CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby. A flaw was found in ruby, where the date object ...

oval:org.secpod.oval:def:1701769
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private ...

oval:org.secpod.oval:def:1701662
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private ...

oval:org.secpod.oval:def:1701729
An operating system command injection flaw was found in RDoc. Using the rdoc command to generate documentation for malicious Ruby source code could lead to execution of arbitrary commands with the privileges of the user running rdoc.

oval:org.secpod.oval:def:1701791
An operating system command injection flaw was found in RDoc. Using the rdoc command to generate documentation for malicious Ruby source code could lead to execution of arbitrary commands with the privileges of the user running rdoc.

oval:org.secpod.oval:def:1701656
A flaw was found in the way the Ruby REXML library parsed XML documents. Parsing a specially crafted XML document using REXML and writing parsed data back to a new XML document results in creating a document with a different structure. This issue could affect the integrity of processed data in appli ...

oval:org.secpod.oval:def:1701799
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy, which may lead to an ...

oval:org.secpod.oval:def:1701652
jQuery before 1.9.0 is vulnerable to Cross-site Scripting attacks. The jQuery function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the 'less than' character anywhere in the string, giving attac ...

oval:org.secpod.oval:def:1701784
A buffer overrun vulnerability was found in Ruby. The issue occurs in a conversion algorithm from a String to a Float that causes process termination due to a segmentation fault, but under limited circumstances. This flaw may cause an illegal memory read.

oval:org.secpod.oval:def:1701736
A double-free vulnerability was found in Ruby. The issue occurs during Regexp compilation. This flaw allows an attacker to create a Regexp object with a crafted source string that could cause the same memory to be freed twice. A buffer overrun vulnerability was found in Ruby. The issue occurs in a c ...

CPE
cpe:/a:rubygems:rubygems

© SecPod Technologies