CVSS: 8.4EPSS: 0%CPEs: 14EXPL: 0CVE-2015-7551 – ruby: DL:: dlopen could open a library with tainted library name
https://notcve.org/view.php?id=CVE-2015-7551
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression. La implementación Fiddle::Handle en ext/fiddle/handle.c en Ruby en versiones anteriores a 2.0.0-p648, 2.1 en versiones anteriores a 2.1.8 y 2.2 en versiones anteriores a 2.2.4, según se distribuye en Apple OS X en versiones anteriores a 10.11.4 y otros productos, no maneja correctamente el tainting, lo que permite a atacantes dependientes del contexto ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de una cadena manipulada, relacionado con el módulo DL y la librería libffi. NOTA: esta vulnerabilidad existe por una regresión de CVE-2009-5147. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796551 http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/76060 https://access.redhat.com/errata/RHSA-2018:0583 https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7551.h • CWE-20: Improper Input Validation CWE-267: Privilege Defined With Unsafe Actions •
CVSS: 7.9EPSS: 0%CPEs: 42EXPL: 0CVE-2015-3900 – rubygems: DNS hijacking vulnerability in api_endpoint()
https://notcve.org/view.php?id=CVE-2015-3900
RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack." RubyGems 2.0.x en versiones anteriores a 2.0.16, 2.2.x en versiones anteriores a 2.2.4 y 2.4.x en versiones anteriores a 2.4.7 no valida el nombre de host al recuperar gemas o hacer solicitudes de API, lo que permite a atacantes remotos redireccionar peticiones a dominios arbitrarios a través del registro DNS SRV manipulado, también conocido como un "ataque de secuestro de DNS". A flaw was found in a way rubygems verified the API endpoint hostname retrieved through a DNS SRV record. A man-in-the-middle attacker could use this flaw to force a client to download content from an untrusted domain. • http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163502.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163600.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164236.html http://rhn.redhat.com/errata/RHSA-2015-1657.html http://www.openwall.com/lists/oss-security/2015/06/26/2 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http:// • CWE-254: 7PK - Security Features CWE-345: Insufficient Verification of Data Authenticity •