Test ID: 1.3.6.1.4.1.25623.1.0.121313
Category: Gentoo Local Security Checks
Title: Gentoo Security Advisory GLSA 201412-27
Summary: Gentoo Linux Local Security Checks GLSA 201412-27
Description:
Summary:
Gentoo Linux Local Security Checks GLSA 201412-27

Vulnerability Insight:
Multiple vulnerabilities have been discovered in Ruby. Please review the CVE identifiers referenced below for details.

Solution:
Update the affected packages to the latest available version.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2011-0188
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:097
http://www.mandriva.com/security/advisories?name=MDVSA-2011:098
http://www.redhat.com/support/errata/RHSA-2011-0908.html
http://www.redhat.com/support/errata/RHSA-2011-0909.html
http://www.redhat.com/support/errata/RHSA-2011-0910.html
http://www.securitytracker.com/id?1025236
Common Vulnerability Exposure (CVE) ID: CVE-2011-1004
43434
http://secunia.com/advisories/43434
43573
http://secunia.com/advisories/43573
46460
http://www.securityfocus.com/bid/46460
70958
http://osvdb.org/70958
ADV-2011-0539
http://www.vupen.com/english/advisories/2011/0539
APPLE-SA-2012-05-09-1
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
FEDORA-2011-1876
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054422.html
FEDORA-2011-1913
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054436.html
MDVSA-2011:097
RHSA-2011:0909
RHSA-2011:0910
[oss-security] 20110221 CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE
http://www.openwall.com/lists/oss-security/2011/02/21/2
[oss-security] 20110221 Re: CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE
http://www.openwall.com/lists/oss-security/2011/02/21/5
http://support.apple.com/kb/HT5281
http://www.ruby-lang.org/en/news/2011/02/18/fileutils-is-vulnerable-to-symlink-race-attacks/
https://bugzilla.redhat.com/show_bug.cgi?id=678913
Common Vulnerability Exposure (CVE) ID: CVE-2011-1005
43420
http://secunia.com/advisories/43420
46458
http://www.securityfocus.com/bid/46458
70957
http://osvdb.org/70957
MDVSA-2011:098
RHSA-2011:0908
http://www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/
https://bugzilla.redhat.com/show_bug.cgi?id=678920
Common Vulnerability Exposure (CVE) ID: CVE-2011-4815
Bugtraq: 20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html
CERT/CC vulnerability note: VU#903934
http://www.kb.cert.org/vuls/id/903934
http://jvn.jp/en/jp/JVN90615481/index.html
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000066.html
http://www.nruns.com/_downloads/advisory28122011.pdf
http://www.ocert.org/advisories/ocert-2011-003.html
http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/391606
RedHat Security Advisories: RHSA-2012:0069
http://rhn.redhat.com/errata/RHSA-2012-0069.html
RedHat Security Advisories: RHSA-2012:0070
http://rhn.redhat.com/errata/RHSA-2012-0070.html
http://www.securitytracker.com/id?1026474
http://secunia.com/advisories/47405
http://secunia.com/advisories/47822
XForce ISS Database: ruby-hash-dos(72020)
https://exchange.xforce.ibmcloud.com/vulnerabilities/72020
Common Vulnerability Exposure (CVE) ID: CVE-2012-4481
MDVSA-2013:124
http://www.mandriva.com/security/advisories?name=MDVSA-2013:124
RHSA-2013:0129
http://rhn.redhat.com/errata/RHSA-2013-0129.html
RHSA-2013:0612
http://rhn.redhat.com/errata/RHSA-2013-0612.html
[oss-security] 20121005 Re: CVE Request -- ruby (1.8.x with patched CVE-2011-1005): Incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects
http://www.openwall.com/lists/oss-security/2012/10/05/4
https://bugzilla.redhat.com/show_bug.cgi?id=863484
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294
Common Vulnerability Exposure (CVE) ID: CVE-2012-5371
BugTraq ID: 56484
http://www.securityfocus.com/bid/56484
http://2012.appsec-forum.ch/conferences/#c17
http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf
http://www.ocert.org/advisories/ocert-2012-001.html
https://www.131002.net/data/talks/appsec12_slides.pdf
http://www.osvdb.org/87280
http://securitytracker.com/id?1027747
http://secunia.com/advisories/51253
http://www.ubuntu.com/usn/USN-1733-1
XForce ISS Database: ruby-hash-function-dos(79993)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79993
Common Vulnerability Exposure (CVE) ID: CVE-2013-0269
52075
http://secunia.com/advisories/52075
52774
http://secunia.com/advisories/52774
52902
http://secunia.com/advisories/52902
57899
http://www.securityfocus.com/bid/57899
90074
http://www.osvdb.org/90074
APPLE-SA-2013-10-22-5
http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
RHSA-2013:0686
http://rhn.redhat.com/errata/RHSA-2013-0686.html
RHSA-2013:0701
http://rhn.redhat.com/errata/RHSA-2013-0701.html
RHSA-2013:1028
http://rhn.redhat.com/errata/RHSA-2013-1028.html
RHSA-2013:1147
http://rhn.redhat.com/errata/RHSA-2013-1147.html
SSA:2013-075-01
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862
SUSE-SU-2013:0609
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html
SUSE-SU-2013:0647
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html
USN-1733-1
[oss-security] 20130211 Denial of Service and Unsafe Object Creation Vulnerability in JSON [CVE-2013-0269]
http://www.openwall.com/lists/oss-security/2013/02/11/7
[oss-security] 20130211 Patch update for [CVE-2013-0269]
http://www.openwall.com/lists/oss-security/2013/02/11/8
[rubyonrails-security] 20130211 Denial of Service and Unsafe Object Creation Vulnerability in JSON [CVE-2013-0269]
https://groups.google.com/group/rubyonrails-security/msg/d8e0db6e08c81428?dmode=source&output=gplain
http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed
http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/
http://www.zweitag.de/en/blog/ruby-on-rails-vulnerable-to-mass-assignment-and-sql-injection
https://puppet.com/security/cve/cve-2013-0269
json-ruby-security-bypass(82010)
https://exchange.xforce.ibmcloud.com/vulnerabilities/82010
openSUSE-SU-2013:0603
http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-1821
BugTraq ID: 58141
http://www.securityfocus.com/bid/58141
Debian Security Information: DSA-2738 (Google Search)
http://www.debian.org/security/2013/dsa-2738
Debian Security Information: DSA-2809 (Google Search)
http://www.debian.org/security/2013/dsa-2809
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702525
https://bugzilla.redhat.com/show_bug.cgi?id=914716
http://www.openwall.com/lists/oss-security/2013/03/06/5
RedHat Security Advisories: RHSA-2013:0611
http://rhn.redhat.com/errata/RHSA-2013-0611.html
RedHat Security Advisories: RHSA-2013:0612
RedHat Security Advisories: RHSA-2013:1028
RedHat Security Advisories: RHSA-2013:1147
http://secunia.com/advisories/52783
SuSE Security Announcement: SUSE-SU-2013:0609 (Google Search)
SuSE Security Announcement: SUSE-SU-2013:0647 (Google Search)
SuSE Security Announcement: openSUSE-SU-2013:0603 (Google Search)
SuSE Security Announcement: openSUSE-SU-2013:0614 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-04/msg00036.html
http://www.ubuntu.com/usn/USN-1780-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-4164
http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html
http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html
BugTraq ID: 63873
http://www.securityfocus.com/bid/63873
Debian Security Information: DSA-2810 (Google Search)
http://www.debian.org/security/2013/dsa-2810
http://osvdb.org/100113
RedHat Security Advisories: RHSA-2013:1763
http://rhn.redhat.com/errata/RHSA-2013-1763.html
RedHat Security Advisories: RHSA-2013:1764
http://rhn.redhat.com/errata/RHSA-2013-1764.html
RedHat Security Advisories: RHSA-2013:1767
http://rhn.redhat.com/errata/RHSA-2013-1767.html
RedHat Security Advisories: RHSA-2014:0011
http://rhn.redhat.com/errata/RHSA-2014-0011.html
RedHat Security Advisories: RHSA-2014:0215
http://rhn.redhat.com/errata/RHSA-2014-0215.html
http://secunia.com/advisories/55787
http://secunia.com/advisories/57376
SuSE Security Announcement: SUSE-SU-2013:1897 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00009.html
SuSE Security Announcement: openSUSE-SU-2013:1834 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-12/msg00027.html
SuSE Security Announcement: openSUSE-SU-2013:1835 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-12/msg00028.html
http://www.ubuntu.com/usn/USN-2035-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-8080
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
BugTraq ID: 70935
http://www.securityfocus.com/bid/70935
Debian Security Information: DSA-3157 (Google Search)
http://www.debian.org/security/2015/dsa-3157
Debian Security Information: DSA-3159 (Google Search)
http://www.debian.org/security/2015/dsa-3159
http://www.mandriva.com/security/advisories?name=MDVSA-2015:129
RedHat Security Advisories: RHSA-2014:1911
http://rhn.redhat.com/errata/RHSA-2014-1911.html
RedHat Security Advisories: RHSA-2014:1912
http://rhn.redhat.com/errata/RHSA-2014-1912.html
RedHat Security Advisories: RHSA-2014:1913
http://rhn.redhat.com/errata/RHSA-2014-1913.html
RedHat Security Advisories: RHSA-2014:1914
http://rhn.redhat.com/errata/RHSA-2014-1914.html
http://secunia.com/advisories/61607
http://secunia.com/advisories/62050
http://secunia.com/advisories/62748
SuSE Security Announcement: openSUSE-SU-2014:1589 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-12/msg00035.html
SuSE Security Announcement: openSUSE-SU-2015:0002 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-01/msg00000.html
SuSE Security Announcement: openSUSE-SU-2015:0007 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-01/msg00004.html
http://www.ubuntu.com/usn/USN-2397-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-8090
BugTraq ID: 71230
http://www.securityfocus.com/bid/71230
http://secunia.com/advisories/59948
http://www.ubuntu.com/usn/USN-2412-1
Copyright: Copyright (C) 2015 Eero Volotinen

© 1998-2025 E-Soft Inc. All rights reserved.