Auto-Update: 2023-12-14T21:00:24.921161+00:00
cad-safe-bot committed Dec 14, 2023
1 parent d16e351 commit 26af71c
Showing 68 changed files with 4,421 additions and 302 deletions.
83 changes: 76 additions & 7 deletions CVE-2009/CVE-2009-41xx/CVE-2009-4123.json
Expand Up @@ -2,31 +2,100 @@
"id": "CVE-2009-4123",
"sourceIdentifier": "[email protected]",
"published": "2023-12-12T16:15:07.407",
"lastModified": "2023-12-12T17:22:30.567",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T20:36:27.043",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation."
},
{
"lang": "es",
"value": "La gema jruby-openssl anterior a 0.6 para JRuby maneja mal la validaci\u00f3n del certificado SSL."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jruby:jruby-openssl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.6",
"matchCriteriaId": "EE19B114-736D-4954-B481-4FDC948A6ABE"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://jruby.org/2009/12/07/vulnerability-in-jruby-openssl",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Broken Link"
]
},
{
"url": "https://github.com/advisories/GHSA-xgv7-pqqh-h2w9",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jruby-openssl/CVE-2009-4123.yml",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://web.archive.org/web/20101213091125/http://jruby.org/2009/12/07/vulnerability-in-jruby-openssl",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Vendor Advisory"
]
}
]
}
73 changes: 68 additions & 5 deletions CVE-2013/CVE-2013-25xx/CVE-2013-2513.json
Expand Up @@ -2,23 +2,86 @@
"id": "CVE-2013-2513",
"sourceIdentifier": "[email protected]",
"published": "2023-12-12T16:15:07.490",
"lastModified": "2023-12-12T17:22:30.567",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T20:35:18.840",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The flash_tool gem through 0.6.0 for Ruby allows command execution via shell metacharacters in the name of a downloaded file."
},
{
"lang": "es",
"value": "La gema flash_tool hasta 0.6.0 para Ruby permite la ejecuci\u00f3n de comandos mediante metacaracteres de shell en el nombre de un archivo descargado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:milboj:flash_tool:*:*:*:*:*:ruby:*:*",
"versionEndIncluding": "0.6.0",
"matchCriteriaId": "748F9BDE-66DE-47F3-B1C4-0DF7F2B20895"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/advisories/GHSA-6325-6g32-7p35",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/flash_tool/CVE-2013-2513.yml",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Third Party Advisory"
]
}
]
}
68 changes: 64 additions & 4 deletions CVE-2015/CVE-2015-21xx/CVE-2015-2179.json
Expand Up @@ -2,19 +2,79 @@
"id": "CVE-2015-2179",
"sourceIdentifier": "[email protected]",
"published": "2023-12-12T17:15:07.383",
"lastModified": "2023-12-12T17:22:30.567",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T20:35:06.720",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The xaviershay-dm-rails gem 0.10.3.8 for Ruby allows local users to discover MySQL credentials by listing a process and its arguments."
},
{
"lang": "es",
"value": "xaviershay-dm-rails gem 0.10.3.8 para Ruby permite a los usuarios locales descubrir las credenciales de MySQL enumerando un proceso y sus argumentos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xaviershay-dm-rails_porject:xaviershay-dm-rails:0.10.3.8:*:*:*:*:ruby:*:*",
"matchCriteriaId": "B433654E-4DB3-478F-8703-EDB7F9111EED"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://www.vapid.dhs.org/advisory.php?v=115",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
79 changes: 73 additions & 6 deletions CVE-2015/CVE-2015-83xx/CVE-2015-8314.json
Expand Up @@ -2,27 +2,94 @@
"id": "CVE-2015-8314",
"sourceIdentifier": "[email protected]",
"published": "2023-12-12T17:15:07.450",
"lastModified": "2023-12-12T17:22:30.567",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-14T20:34:05.650",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access."
},
{
"lang": "es",
"value": "Devise gem anterior a 3.5.4 para Ruby maneja mal las cookies Recordarme para las sesiones, lo que puede permitir que un adversario obtenga acceso persistente no autorizado a la aplicaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:heartcombo:devise:*:*:*:*:*:ruby:*:*",
"versionEndExcluding": "3.5.4",
"matchCriteriaId": "693703F3-9D16-4FB7-930F-0FD309D1D3F4"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/advisories/GHSA-746g-3gfp-hfhw",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/heartcombo/devise/commit/c92996646aba2d25b2c3e235fe0c4f1a84b70d24",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Patch"
]
},
{
"url": "https://rubysec.com/advisories/CVE-2015-8314/",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Third Party Advisory"
]
}
]
}