Page 3 of 94 results (0.011 seconds)

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 2

CVE-2016-2338

https://notcve.org/view.php?id=CVE-2016-2338

An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array size after mentioned allocation and cause heap overflow. Se presenta una vulnerabilidad de desbordamiento de pila explotable en la función Psych::Emitter start_document de Ruby. En la función Psych::Emitter start_document la asignación de "head" del buffer de heap es realizada en base a la longitud del array de etiquetas. • https://github.com/SpiralBL0CK/CVE-2016-2338-nday http://www.talosintelligence.com/reports/TALOS-2016-0032 https://lists.debian.org/debian-lts-announce/2020/03/msg00032.html https://security.netapp.com/advisory/ntap-20221228-0005 • CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2011-4121

https://notcve.org/view.php?id=CVE-2011-4121

The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on strong private RSA keys generation mechanism. La extensión OpenSSL de Ruby (Git trunk) versiones posteriores al 01-09-2011 hasta el 03-11-2011, siempre generó un valor de exponente de "1" para ser usado para la generación de claves RSA privadas. Un atacante remoto podría usar este fallo para omitir o dañar la integridad de los servicios, dependiendo de un mecanismo de generación de claves RSA privadas fuerte. • http://www.openwall.com/lists/oss-security/2013/07/01/1 https://access.redhat.com/security/cve/cve-2011-4121 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4121 https://security-tracker.debian.org/tracker/CVE-2011-4121 • CWE-326: Inadequate Encryption Strength •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2011-3624

https://notcve.org/view.php?id=CVE-2011-3624

Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header. Varios métodos en WEBrick::HTTPRequest en Ruby versiones 1.9.2 y versiones 1.8.7 y anteriores, no comprueban los encabezados X-Fordered-For, X-Fordered-Host y X-Fordered-Server en las peticiones, lo que podría permitir a los atacantes remotos inyectar texto arbitrario en archivos de registro o omitir el análisis de direcciones previsto por medio de un encabezado diseñado. • https://access.redhat.com/security/cve/cve-2011-3624 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3624 https://redmine.ruby-lang.org/issues/5418 https://security-tracker.debian.org/tracker/CVE-2011-3624 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 5.3EPSS: 1%CPEs: 5EXPL: 0

CVE-2019-16254 – ruby: HTTP response splitting in WEBrick

https://notcve.org/view.php?id=CVE-2019-16254

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF. Ruby versiones hasta 2.4.7, versiones 2.5.x hasta 2.5.6 y versiones 2.6.x hasta 2.6.4, permite HTTP Response Splitting. Si un programa que utiliza WEBrick inserta información no segura en el encabezado de respuesta, un atacante puede explotarlo para insertar un carácter newline para dividir un encabezado e inyectar contenido malicioso para engañar a los clientes. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html https://hackerone.com/reports/331984 https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html https://seclists.org/bugtraq/2019/Dec/31 https://seclists.org/bugtraq/2019/Dec/32 https://security • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •

CVSS: 9.8EPSS: 0%CPEs: 13EXPL: 0

CVE-2018-16395 – ruby: OpenSSL::X509:: Name equality check does not work correctly

https://notcve.org/view.php?id=CVE-2018-16395

An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations. Se ha descubierto un problema en la biblioteca OpenSSL en Ruby, en versiones anteriores a la 2.3.8, versiones 2.4.x anteriores a la 2.4.5, versiones 2.5.x anteriores a la 2.5.2 y versiones 2.6.x anteriores a la 2.6.0-preview3. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html http://www.securitytracker.com/id/1042105 https://access.redhat.com/errata/RHSA-2018:3729 https://access.redhat.com/errata/RHSA-2018:3730 https://access.redhat.com/errata/RHSA-2018:3731 https://access.redhat.com/errata/RHSA-2018:3738 https://access.redhat.com/errata/RHSA-2019:1948 https://access.redhat.com/errata/RHSA-2019:2565 https://hackerone.com/reports/387250 https://lists.debian.org/debian-lts • CWE-295: Improper Certificate Validation •