Page 10 of 49 results (0.015 seconds)

CVSS: 5.0EPSS: 6%CPEs: 8EXPL: 0

The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467. La función read_multipart en cgi.rb de Ruby anterior a 1.8.5-p2 no detecta adecuadamente los límites en contenido MIME multipart, lo cual permite a atacantes remotos provocar una denegación de servicio (bucle infinito) mediante una petición HTTP artesanal, un asunto diferente que CVE-2006-5467. • http://bugs.gentoo.org/show_bug.cgi?id=157048 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218287 http://docs.info.apple.com/article.html?artnum=305530 http://jvn.jp/jp/JVN%2384798830/index.html http://lists.apple.com/archives/security-announce/2007/May/msg00004.html http://secunia.com/advisories/23165 http://secunia.com/advisories/23268 http://secunia.com/advisories/23454 http://secunia.com/advisories/25402 http://secunia.com/advisories/27576 http://secunia.co • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 6.4EPSS: 2%CPEs: 3EXPL: 0

Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations". Múltiples vulnerabilidades no especificadas en Ruby anterior a 1.8.5 permite a atacantes remotos evitar la validación "nivel de seguro" a través de vectores no especificados afectando a la función (1)alias y (2) "operaciones de directorio". • ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P http://jvn.jp/jp/JVN%2313947696/index.html http://jvn.jp/jp/JVN%2383768862/index.html http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003907.html http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003915.html http://secunia.com/advisories/21009 http://secunia.com/advisories/21233 http://secunia.com/advisories/21236 http://secunia.com/advisories/21272 http://secunia.com/advisories/21 •

CVSS: 7.5EPSS: 2%CPEs: 12EXPL: 0

Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin). • http://jvn.jp/jp/JVN%2362914675/index.html http://lists.apple.com/archives/security-announce/2006/May/msg00003.html http://secunia.com/advisories/16904 http://secunia.com/advisories/17094 http://secunia.com/advisories/17098 http://secunia.com/advisories/17129 http://secunia.com/advisories/17147 http://secunia.com/advisories/17285 http://secunia.com/advisories/19130 http://secunia.com/advisories/20077 http://securityreason.com/securityalert/59 http://www.debian.org/security •

CVSS: 5.0EPSS: 2%CPEs: 17EXPL: 0

The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request. • http://www.debian.org/security/2004/dsa-586 http://www.mandriva.com/security/advisories?name=MDKSA-2004:128 http://www.redhat.com/support/errata/RHSA-2004-635.html http://www.securityfocus.com/bid/11618 https://exchange.xforce.ibmcloud.com/vulnerabilities/17985 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10268 https://usn.ubuntu.com/20-1 https://access.redhat.com/security/cve/CVE-2004-0983 https://bugzilla.redhat.com/show_bug.cgi?id=1 •