rpm package
almalinux/rubygem-pg
pkg:rpm/almalinux/rubygem-pg
Vulnerabilities (44)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-16254 | — | < 1.0.0-2.module_el8.5.0+2625+ec418553 | 1.0.0-2.module_el8.5.0+2625+ec418553 | Nov 26, 2019 | Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content t | ||
| CVE-2019-16201 | — | < 1.0.0-2.module_el8.5.0+2625+ec418553 | 1.0.0-2.module_el8.5.0+2625+ec418553 | Nov 26, 2019 | WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network. | ||
| CVE-2019-19012 | — | < 1.0.0-3.module_el8.9.0+3635+c6f99506 | 1.0.0-3.module_el8.9.0+3635+c6f99506 | Nov 16, 2019 | An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a d | ||
| CVE-2019-8324 | — | < 1.0.0-2.module_el8.5.0+2625+ec418553 | 1.0.0-2.module_el8.5.0+2625+ec418553 | Jun 17, 2019 | An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall c |
- CVE-2019-16254Nov 26, 2019affected < 1.0.0-2.module_el8.5.0+2625+ec418553fixed 1.0.0-2.module_el8.5.0+2625+ec418553
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content t
- CVE-2019-16201Nov 26, 2019affected < 1.0.0-2.module_el8.5.0+2625+ec418553fixed 1.0.0-2.module_el8.5.0+2625+ec418553
WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network.
- CVE-2019-19012Nov 16, 2019affected < 1.0.0-3.module_el8.9.0+3635+c6f99506fixed 1.0.0-3.module_el8.9.0+3635+c6f99506
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a d
- CVE-2019-8324Jun 17, 2019affected < 1.0.0-2.module_el8.5.0+2625+ec418553fixed 1.0.0-2.module_el8.5.0+2625+ec418553
An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall c
Page 3 of 3