Red Hat Security Advisory 2022-0582-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, HTTP response splitting, code execution, denial of service, information leakage, and spoofing vulnerabilities.
28f434c8a7e0c5a9a457c78e1d0a72539ecb56d9a3673853dd0aa3595f619eda
Red Hat Security Advisory 2022-0581-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, HTTP response splitting, code execution, denial of service, information leakage, and spoofing vulnerabilities.
8bd21cf01e10e7a947db8efca057a501595b8383a816b9f497a90e17a13ebc45
Red Hat Security Advisory 2021-2588-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, HTTP response splitting, denial of service, information leakage, and insecure permissions vulnerabilities.
5af35473aa05be14b339ef6700164c127af3a9a9f71ad62e2221b2b6addb8987
Red Hat Security Advisory 2021-2587-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, HTTP response splitting, denial of service, and information leakage vulnerabilities.
5fbf960ff4484cd6f2ef69e135f605145b9a2a39f1b978087c354f225d411a0f
Red Hat Security Advisory 2021-2230-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, HTTP response splitting, denial of service, information leakage, and insecure permissions vulnerabilities.
7f44016fa2acb5c0eef19435e7da178e870b55a93bc1aadb7ac11648d84d09ce
Red Hat Security Advisory 2021-2104-01.tt - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, HTTP response splitting, denial of service, and information leakage vulnerabilities.
a48465f7ceae469f6c4a53e76d812b67eeab7919dcdf43f046cfc5753b387376
Gentoo Linux Security Advisory 202003-6 - Multiple vulnerabilities have been found in Ruby, the worst of which could lead to the remote execution of arbitrary code. Versions less than 2.4.9:2.4 are affected.
9a9257b84a08231560b0f6dbe0d09d2e0afac6b539fe8370b12d7ceeb3bb27ab
Debian Linux Security Advisory 4586-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language, which could result in unauthorized access by bypassing intended path matchings, denial of service, or the execution of arbitrary code.
89a3287a7f18397cf7ba29822602a738221673bb04079089b1021a5cfa501551
Debian Linux Security Advisory 4587-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language, which could result in unauthorized access by bypassing intended path matchings, denial of service, or the execution of arbitrary code.
b4e4a598ec0f678c29f0d18792ae30cb04d3da8c85a26fdb228bdc23b74dad38
Ubuntu Security Notice 4201-1 - It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this issue to pass path matching what can lead to an unauthorized access. It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could use this issue to cause a denial of service. It was discovered that Ruby incorrectly handled certain HTTP headers. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.
fb5207d2d5cd13b28e5fc571f6f9365cd6eb101ba786fb264b4bd1794b1d6f86
DCNM exposes a file upload servlet (FileUploadServlet) at /fm/fileUpload. An authenticated user can abuse this servlet to upload a WAR to the Apache Tomcat webapps directory and achieve remote code execution as root. This module exploits two other vulnerabilities, CVE-2019-1619 for authentication bypass on versions 10.4(2) and below, and CVE-2019-1622 (information disclosure) to obtain the correct directory for the WAR file upload. This module was tested on the DCNM Linux virtual appliance 10.4(2), 11.0(1) and 11.1(1), and should work on a few versions below 10.4(2). Only version 11.0(1) requires authentication to exploit (see References to understand why).
94163d73db872c81ba5ce8506f3d9deded66f21e352e87fbb9269f202301c37e
Cisco Data Center Network Manager (DCNM) versions 11.1(1) and below suffer from authentication bypass, arbitrary file upload, arbitrary file download, and information disclosure vulnerabilities.
dfd36cfbc7507485cec0e3cf8334543371b3ffebfedce49529db5c62ccf35e6c