Page 27 of 445 results (0.023 seconds)

CVSS: 7.5EPSS: 2%CPEs: 13EXPL: 1

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command. RubyGems 2.6.12 y anteriores es vulnerable a especificaciones de gemas manipuladas maliciosamente para provocar ataques de denegación de servicio contra clientes RubyGems que hayan enviado un comando query. It was found that rubygems could use an excessive amount of CPU while parsing a sufficiently long gem summary. A specially crafted gem from a gem repository could freeze gem commands attempting to parse its summary. • http://blog.rubygems.org/2017/08/27/2.6.13-released.html http://www.securityfocus.com/bid/100579 http://www.securitytracker.com/id/1039249 https://access.redhat.com/errata/RHSA-2017:3485 https://access.redhat.com/errata/RHSA-2018:0378 https://access.redhat.com/errata/RHSA-2018:0583 https://access.redhat.com/errata/RHSA-2018:0585 https://github.com/rubygems/rubygems/commit/8a38a4fc24c6591e6c8f43d1fadab6efeb4d6251 https://hackerone.com/reports/243003 https://lists.debian.org/debian- • CWE-20: Improper Input Validation CWE-138: Improper Neutralization of Special Elements •

CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 2

RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. RubyGems 2.6.12 y anteriores no valida con éxito los nombres de las especificaciones, permitiendo que una gema manipulada maliciosamente sobrescriba cualquier archivo en el sistema de archivos. It was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory. RubyGems versions prior to 2.6.13 suffer from an arbitrary file overwrite vulnerability. • https://www.exploit-db.com/exploits/42611 http://blog.rubygems.org/2017/08/27/2.6.13-released.html http://www.securityfocus.com/bid/100580 http://www.securitytracker.com/id/1039249 https://access.redhat.com/errata/RHSA-2017:3485 https://access.redhat.com/errata/RHSA-2018:0378 https://access.redhat.com/errata/RHSA-2018:0583 https://access.redhat.com/errata/RHSA-2018:0585 https://github.com/rubygems/rubygems/commit/ad5c0a53a86ca5b218c7976765c0365b91d22cb2 https://hackerone.com/repor • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-138: Improper Neutralization of Special Elements •

CVSS: 9.8EPSS: 0%CPEs: 29EXPL: 1

Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len. Ruby hasta la versión 2.2.7, 2.3.x hasta la 2.3.4, y 2.4.x hasta la 2.4.1 puede exponer memoria arbitraria durante una llamada JSON.generate. Los problemas surgen al usar strdup en ext/json/ext/generator/generator.c, el cual se detendría después de encontrar un byte '\0', devolviendo un puntero a un string de longitud cero, que no es la longitud almacenada en space_len. A buffer overflow vulnerability was found in the JSON extension of ruby. • http://www.securityfocus.com/bid/100890 http://www.securitytracker.com/id/1039363 http://www.securitytracker.com/id/1042004 https://access.redhat.com/errata/RHSA-2017:3485 https://access.redhat.com/errata/RHSA-2018:0378 https://access.redhat.com/errata/RHSA-2018:0583 https://access.redhat.com/errata/RHSA-2018:0585 https://bugs.ruby-lang.org/issues/13853 https://github.com/flori/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85 https://hackerone.com/reports/209949 https://lists. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.6EPSS: 0%CPEs: 13EXPL: 1

Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing. Una condición de carrera en fs/timerfd.c en el kernel Linux en versiones anteriores a la 4.10.15 permite que usuarios locales obtengan privilegios o provoquen una denegación de servicio (corrupción de lista o use-after-free) mediante operaciones simultáneas de descriptor de archivo que aprovechan la cola inadecuada might_cancel. A race condition was found in the Linux kernel before version 4.11-rc1 in 'fs/timerfd.c' file which allows a local user to cause a kernel list corruption or use-after-free via simultaneous operations with a file descriptor which leverage improper 'might_cancel' queuing. An unprivileged local user could use this flaw to cause a denial of service of the system. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. • https://www.exploit-db.com/exploits/43345 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e38da300e1e395a15048b0af1e5305bd91402f6 http://www.debian.org/security/2017/dsa-3981 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.15 http://www.securityfocus.com/bid/100215 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://access.redhat.com/errata/RHSA-2019:4057 https://access.redhat.com/e • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •

CVSS: 10.0EPSS: 0%CPEs: 13EXPL: 0

Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks. Las versiones anteriores a la 4.3 de Mercurial no sanitizaban adecuadamente los nombres de host pasados a ssh, lo que conducía a posibles ataques de inyección de shell. A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Mercurial. This can be exploited to execute shell commands with the privileges of the user running the Mercurial client, for example, when performing a "checkout" or "update" action on a sub-repository within a malicious repository or a legitimate repository containing a malicious commit. • http://www.debian.org/security/2017/dsa-3963 http://www.securityfocus.com/bid/100290 https://access.redhat.com/errata/RHSA-2017:2489 https://security.gentoo.org/glsa/201709-18 https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29 https://access.redhat.com/security/cve/CVE-2017-1000116 https://bugzilla.redhat.com/show_bug.cgi?id=1479915 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •