CVSS: 5.0EPSS: 1%CPEs: 4EXPL: 1CVE-2012-2139 – rubygem-mail: directory traversal
https://notcve.org/view.php?id=CVE-2012-2139
Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter. Vulnerabilidad de salto de directorio en lib/mail/network/delivery_methods/file_delivery.rb en la gema Mail antes de v2.4.3 para Ruby, permite a atacantes remotos para leer archivos de su elección a través de .. (punto punto) en el parámetro to. • http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080645.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080648.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080747.html http://secunia.com/advisories/48970 http://www.openwall.com/lists/oss-security/2012/04/25/8 http://www.openwall.com/lists/oss-security/2012/04/26/1 https://bugzilla.novell.com/show_bug.cgi?id=759092 https://bugzilla.redhat.com/show_bug.cgi?id=8163 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 2CVE-2012-2140 – rubygem-mail: arbitrary command execution when using exim or sendmail from commandline
https://notcve.org/view.php?id=CVE-2012-2140
The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery. La gema Mail antes de v2.4.3 para Ruby permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres en (1) sendmail o (2) una entrega exim. • http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080645.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080648.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080747.html http://secunia.com/advisories/48970 http://www.openwall.com/lists/oss-security/2012/04/25/8 http://www.openwall.com/lists/oss-security/2012/04/26/1 https://bugzilla.novell.com/show_bug.cgi?id=759092 https://bugzilla.redhat.com/show_bug.cgi?id=8163 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •