Количество 31
Количество 31
CVE-2021-31799
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.
CVE-2021-31799
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.
CVE-2021-31799
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby throug ...
CVE-2021-32066
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
CVE-2021-32066
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
CVE-2021-32066
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
CVE-2021-32066
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, an ...
GHSA-ggxm-pgc9-g7fp
Arbitrary Code Execution in Rdoc
BDU:2021-05398
Уязвимость встроенного генератора документации RDoc для языка программирования Ruby, позволяющая нарушителю выполнить произвольные команды
GHSA-gx49-h5r3-q3xj
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
BDU:2021-04264
Уязвимость реализации класса Net::IMAP интерпретатора Ruby, позволяющая нарушителю реализовать атаку типа «человек посередине»
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-31799 In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename. | CVSS3: 7 | 1% Низкий | около 4 лет назад |
 | CVE-2021-31799 In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename. | CVSS3: 7 | 1% Низкий | почти 4 года назад |
| CVE-2021-31799 In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby throug ... | CVSS3: 7 | 1% Низкий | почти 4 года назад |
 | CVE-2021-32066 An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack." | CVSS3: 7.4 | 0% Низкий | почти 4 года назад |
| CVE-2021-32066 An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack." | CVSS3: 7.4 | 0% Низкий | почти 4 года назад |
| CVE-2021-32066 An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack." | CVSS3: 7.4 | 0% Низкий | почти 4 года назад |
| CVE-2021-32066 An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, an ... | CVSS3: 7.4 | 0% Низкий | почти 4 года назад |
| GHSA-ggxm-pgc9-g7fp Arbitrary Code Execution in Rdoc | CVSS3: 7 | 1% Низкий | почти 4 года назад |
 | BDU:2021-05398 Уязвимость встроенного генератора документации RDoc для языка программирования Ruby, позволяющая нарушителю выполнить произвольные команды | CVSS3: 7 | 1% Низкий | около 4 лет назад |
| GHSA-gx49-h5r3-q3xj An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack." | CVSS3: 7.4 | 0% Низкий | около 3 лет назад |
| BDU:2021-04264 Уязвимость реализации класса Net::IMAP интерпретатора Ruby, позволяющая нарушителю реализовать атаку типа «человек посередине» | CVSS3: 6.5 | 0% Низкий | около 4 лет назад |
Уязвимостей на страницу