CVSS: 8.4EPSS: 0%CPEs: 14EXPL: 0CVE-2015-7551 – ruby: DL:: dlopen could open a library with tainted library name
https://notcve.org/view.php?id=CVE-2015-7551
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression. La implementación Fiddle::Handle en ext/fiddle/handle.c en Ruby en versiones anteriores a 2.0.0-p648, 2.1 en versiones anteriores a 2.1.8 y 2.2 en versiones anteriores a 2.2.4, según se distribuye en Apple OS X en versiones anteriores a 10.11.4 y otros productos, no maneja correctamente el tainting, lo que permite a atacantes dependientes del contexto ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de una cadena manipulada, relacionado con el módulo DL y la librería libffi. NOTA: esta vulnerabilidad existe por una regresión de CVE-2009-5147. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796551 http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/76060 https://access.redhat.com/errata/RHSA-2018:0583 https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7551.h • CWE-20: Improper Input Validation CWE-267: Privilege Defined With Unsafe Actions •
CVSS: 7.9EPSS: 0%CPEs: 42EXPL: 0CVE-2015-3900 – rubygems: DNS hijacking vulnerability in api_endpoint()
https://notcve.org/view.php?id=CVE-2015-3900
RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack." RubyGems 2.0.x en versiones anteriores a 2.0.16, 2.2.x en versiones anteriores a 2.2.4 y 2.4.x en versiones anteriores a 2.4.7 no valida el nombre de host al recuperar gemas o hacer solicitudes de API, lo que permite a atacantes remotos redireccionar peticiones a dominios arbitrarios a través del registro DNS SRV manipulado, también conocido como un "ataque de secuestro de DNS". A flaw was found in a way rubygems verified the API endpoint hostname retrieved through a DNS SRV record. A man-in-the-middle attacker could use this flaw to force a client to download content from an untrusted domain. • http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163502.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163600.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164236.html http://rhn.redhat.com/errata/RHSA-2015-1657.html http://www.openwall.com/lists/oss-security/2015/06/26/2 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http:// • CWE-254: 7PK - Security Features CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 6.8EPSS: 9%CPEs: 17EXPL: 2CVE-2013-0233 – Ruby On Rails Devise Authentication Password Reset
https://notcve.org/view.php?id=CVE-2013-0233
Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts. Devise v2.2.x antes de v2.2.3, v2.1.x antes de v2.1.3, v2.0.x antes de v2.0.5, v1.5.x antes de v1.5.4 de Ruby, al utilizar ciertas bases de datos, no funciona correctamente cuando se realiza la conversión de tipos consultas de base de datos, lo que podría permitir a atacantes remotos provocar resultados incorrectos para ser devueltos y eludir los controles de seguridad a través de vectores desconocidos, como lo demuestra restablecer las contraseñas de las cuentas arbitrarias. • http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released http://lists.opensuse.org/opensuse-updates/2013-03/msg00000.html http://www.metasploit.com/modules/auxiliary/admin/http/rails_devise_pass_reset http://www.openwall.com/lists/oss-security/2013/01/29/3 http://www.phenoelit.org/blog/archives/2013/02/05/mysql_madness_and_rails/index.html http://www.securityfocus.com/bid/57577 https://github.com/Snorby/snorby/i • CWE-399: Resource Management Errors •