Red Hat Security Advisory 2018-3730-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include code execution, cross site scripting, denial of service, deserialization, and traversal vulnerabilities.
5974e59d03ede1e205bc6f92b04e3d4d0be271c53073850c54f2227ff9bf7374Red Hat Security Advisory 2018-3729-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include code execution, cross site scripting, denial of service, deserialization, and traversal vulnerabilities.
50842ce6db655529d85f25aace87d1c36085f22eb7f5436231ccd6f4207b1c4aUbuntu Security Notice 3808-1 - It was discovered that Ruby incorrectly handled certain X.509 certificates. An attacker could possibly use this issue to bypass the certificate check. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
dc2d5b3f5be433cc29a21366af2eda8167a7638d8db5ae80699233902daf3800Red Hat Security Advisory 2018-3466-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include a code execution vulnerability.
5598621deef059703cd9fbb8a0f15cba0a7fbdec712ed1910dcded698d246f26Debian Linux Security Advisory 4332-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language.
a5733c0033cee949af0f67cf98680b66d844eac356fbda3f7e6595475870436cRed Hat Security Advisory 2018-2745-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Issues addressed include code execution and traversal vulnerabilities.
7e875769e18ebaa154a608a8584f4e8d1008b217996ba4c1c799c3847903d7acRed Hat Security Advisory 2018-2561-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include code execution and traversal vulnerabilities.
7f95440aa937cac0e94761f4b7e8f01a81842cfd98d9009e39aed778069e4c84Debian Linux Security Advisory 4283-1 - It was discovered that ruby-json-jwt, a Ruby implementation of JSON web tokens performed insufficient validation of GCM auth tags.
28f8c88f7fb017fc30223702c1e4340a4e8aa422a76857308f7bfd7a00361478Debian Linux Security Advisory 4259-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may result in incorrect processing of HTTP/FTP, directory traversal, command injection, unintended socket creation or information disclosure.
d33343f810ff24dbefc65b8198d9e85d3209de1850624590fe3b6563d70fab27Red Hat Security Advisory 2018-2245-01 - Sprockets is a Ruby library for compiling and serving web assets. It features declarative dependency management for JavaScript and CSS assets, as well as a powerful preprocessor pipeline that allows to write assets in languages like CoffeeScript, Sass and SCSS. Issues addressed include a traversal vulnerability.
6311ef96a5013614ca8b1e54bd7280c452198f65146055fe271f4f1a19326e5eRed Hat Security Advisory 2018-2244-01 - Sprockets is a Ruby library for compiling and serving web assets. It features declarative dependency management for JavaScript and CSS assets, as well as a powerful preprocessor pipeline that allows to write assets in languages like CoffeeScript, Sass and SCSS. Issues addressed include a traversal vulnerability.
d0c1bf0ba78083023a02f9d192b1b3cf46b155d2b355ed6ff6cf843ad304a60eDebian Linux Security Advisory 4247-1 - A timing attack was discovered in the function for CSRF token validation of the "Ruby rack protection" framework.
8190086dbd6a857b5e5b9fbeaf2d2e2876e63e54e53d615d5e4fb5c4ce3cedd6Red Hat Security Advisory 2018-2184-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Security fix: ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs Issues addressed include an information leakage vulnerability.
347d2019e1ce59cbdad13b2c91e7c6d733dbb455fb6118c1f45f4036c8fc1438Debian Linux Security Advisory 4242-1 - Orange Tsai discovered a path traversal flaw in ruby-sprockets, a Rack-based asset packaging system. A remote attacker can take advantage of this flaw to read arbitrary files outside an application's root directory via specially crafted requests, when the Sprockets server is used in production.
8113507f333d2773f5bd81b6dafb4c30f4cddb7957bfdda816d5a1909ec87d6fRed Hat Security Advisory 2018-1972-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Issues addressed include bypass and code execution vulnerabilities.
b140dd006daf760c636deaa14803fc48a9e08b6f5c14a57c32fa7e771317d912Ubuntu Security Notice 3685-1 - Some of these CVEs were already addressed in previous USN: 3439-1, 3553-1, 3528-1. It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to cause a buffer overrun. It was discovered that Ruby incorrectly handled certain files. An attacker could use this to overwrite any file on the filesystem. Various other issues were also addressed.
60f255fcb7dd889a143694b47735ea1ee2e3231d8c3486947620ea6096bc226bDebian Linux Security Advisory 4219-1 - Several vulnerabilities were discovered in jruby, a Java implementation of the Ruby programming language. They would allow an attacker to use specially crafted gem files to mount cross-site scripting attacks, cause denial of service through an infinite loop, write arbitrary files, or run malicious code.
6e5cc1eb575ab1d047c7a67b69e08887ebd38e343b7b9963e1a43e4d616ef663This whitepaper explains deserialization vulnerabilities in Java, Python, PHP, and Ruby.
6093b7b1afd7e2cb2437200d5e7cef8d3ec52ada1f7c203878f7c0778ab52c61Red Hat Security Advisory 2018-1328-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include backup related, bypass, and code execution vulnerabilities.
b19e64c598c25f53ece8314ad1b6b240a0eb87dc98819f4541ad1d70d222c4f8Ubuntu Security Notice 3626-1 - It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to connect to an unintended socket. Various other issues were also addressed.
ef0daac817c814813e6e0872b534f7551f133d2e4eb2b05ea2a0500948d6d3a1Ubuntu Security Notice 3621-2 - USN-3621-1 fixed vulnerabilities in Ruby. The update caused an issue due to an incomplete patch for CVE-2018-1000074. This update reverts the problematic patch pending further investigation. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information. Various other issues were also addressed.
33908d28e8c06edfd44782105bdef3e2e2cdc270a7e2ad67aee118b40bbc7f69Drupal versions prior to 7.58, 8.3.9, 8.4.6, and 8.5.1 Drupalgeddon2 remote code execution proof of concept exploit. Ported to Ruby.
9448745ca34223b272016f3a6b85e742d98115ddc80c24382e74fd677ef4be62Ubuntu Security Notice 3621-1 - It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information. It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. Various other issues were also addressed.
4f364998ee8032109638f2f7380cd639a1e212dd1bfe63cd40d7804ef8e0846cSlackware Security Advisory - New ruby packages are available for Slackware 14.2 and -current to fix security issues.
afc1138533c4692071757aac8861ccc77d0fa21aca64028c483c0940b897af84Red Hat Security Advisory 2018-0585-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby23-ruby, rh-ruby23-rubygems, rh-ruby23-rubygem-json, rh-ruby23-rubygem-minitest, rh-ruby23-rubygem-psych. Issues addressed include a code execution vulnerability.
32edc7a8e98876134eade824682c38c4747c8ccb99d1f61ad5768f31b8e2a899
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed