CVSS: 9.8EPSS: 7%CPEs: 4EXPL: 1CVE-2017-17790 – ruby: Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code execution
https://notcve.org/view.php?id=CVE-2017-17790
20 Dec 2017 — The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely. La función lazy_initialize en lib/resolv.rb en Ruby hasta la versión 2.4.3 utiliza Kernel#open, lo que podría permitir ataques de inyección de comandos, tal y como demuestra un argumento Reso... • https://access.redhat.com/errata/RHSA-2018:0378 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.3EPSS: 87%CPEs: 17EXPL: 1CVE-2017-17405 – Ruby < 2.2.8 / < 2.3.5 / < 2.4.2 / < 2.5.0-preview1 - 'NET::Ftp' Command Injection
https://notcve.org/view.php?id=CVE-2017-17405
15 Dec 2017 — Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution. Ruby en versiones anteriores a la 2.4.3 permite la inyección de comandos Net::FTP. • https://www.exploit-db.com/exploits/43381 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.3EPSS: 1%CPEs: 14EXPL: 0CVE-2017-10784 – ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick
https://notcve.org/view.php?id=CVE-2017-10784
19 Sep 2017 — The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name. El código de autenticación Basic en la biblioteca WEBrick en Ruby en versiones anteriores a la 2.2.8, 2.3.x anteriores a la 2.3.5 y 2.4.x hasta la 2.4.1 permite que atacantes remotos inyecten secuencias de escape del emulador del terminal en su regis... • http://www.securityfocus.com/bid/100853 • CWE-117: Improper Output Neutralization for Logs CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 3%CPEs: 24EXPL: 0CVE-2017-14033 – ruby: Buffer underrun in OpenSSL ASN1 decode
https://notcve.org/view.php?id=CVE-2017-14033
19 Sep 2017 — The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string. El método decode en el módulo OpenSSL::ASN1 en Ruby en versiones anteriores a la 2.2.8, versiones 2.3.x anteriores a 2.3.5, y 2.4.x hasta la 2.4.1 permite que los atacantes provoquen una denegación de servicio (cierre inesperado del intérprete) mediante una string manipulada. It was found that the decode method... • http://www.securityfocus.com/bid/100868 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 0%CPEs: 15EXPL: 2CVE-2017-0898 – ruby: Buffer underrun vulnerability in Kernel.sprintf
https://notcve.org/view.php?id=CVE-2017-0898
15 Sep 2017 — Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap. Ruby, en versiones anteriores a la 2.4.2, 2.3.5 y 2.2.8, es vulnerable a una cadena de formato maliciosa qe contiene un especificador (*) con un valor grande negativo. Esta situación puede provocar un desbordamiento de búfer, provocando una ... • http://www.securityfocus.com/bid/100862 • CWE-122: Heap-based Buffer Overflow CWE-134: Use of Externally-Controlled Format String •
CVSS: 9.8EPSS: 1%CPEs: 29EXPL: 1CVE-2017-14064 – ruby: Arbitrary heap exposure during a JSON.generate call
https://notcve.org/view.php?id=CVE-2017-14064
31 Aug 2017 — Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len. Ruby hasta la versión 2.2.7, 2.3.x hasta la 2.3.4, y 2.4.x hasta la 2.4.1 puede exponer memoria arbitraria durante una llamada JSON.generate. Los problemas surgen al usar strdup ... • http://www.securityfocus.com/bid/100890 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 1CVE-2015-9096 – Ubuntu Security Notice USN-3365-1
https://notcve.org/view.php?id=CVE-2015-9096
12 Jun 2017 — Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring. El modulo Net::SMTP de Ruby anterior a su versión 2.4.0 es vulnerable a la inyección de comandos SMTP mediante secuencias CRLF de los comandos "RCPT TO" o "MAIL FROM", como demuestra las secuencias CRLF inmediatamente antes y después de la substring DATA. It was discovered that Ruby DL::dlopen incorrectly... • http://www.mbsd.jp/Whitepaper/smtpi.pdf • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2017-9225
https://notcve.org/view.php?id=CVE-2017-9225
24 May 2017 — An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), ... • https://github.com/kkos/oniguruma/commit/166a6c3999bf06b4de0ab4ce6b088a468cc4029f • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2017-9229 – oniguruma: Invalid pointer dereference in left_adjust_char_head()
https://notcve.org/view.php?id=CVE-2017-9229
24 May 2017 — An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition. Se descubrió un problema en Oniguruma versión 6.2.0, como es usado en Oniguruma-mod en Ruby hasta versión 2.4.1 y mbstring en PHP hasta versión 7... • https://access.redhat.com/errata/RHSA-2018:1296 • CWE-476: NULL Pointer Dereference CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 1CVE-2016-2336
https://notcve.org/view.php?id=CVE-2016-2336
06 Jan 2017 — Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution. Existe un tipo de confusión en dos métodos de la clase WIN32OLE de Ruby, ole_invoke y ole_query_interface. El atacante que pasa un diferente tipo de objeto del que es asumido por los desarrolladores puede provocar la ejecución de código arbitrario. • http://www.talosintelligence.com/reports/TALOS-2016-0029 •