New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 5.9
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionSecurity Fix(es) :
- ruby: HTTP response splitting in WEBrick (CVE-2017-17742)
- ruby: DoS by large request in WEBrick (CVE-2018-8777)
- ruby: Buffer under-read in String#unpack (CVE-2018-8778)
- ruby: Unintentional directory traversal by poisoned NULL byte in Dir (CVE-2018-8780)
- ruby: Tainted flags are not propagated in Array#pack and String#unpack with some directives (CVE-2018-16396)
- rubygems: Path traversal when writing to a symlinked basedir outside of the root (CVE-2018-1000073)
- rubygems: Unsafe Object Deserialization Vulnerability in gem owner allowing arbitrary code execution on specially crafted YAML (CVE-2018-1000074)
- rubygems: Improper verification of signatures in tarball allows to install mis-signed gem (CVE-2018-1000076)
- rubygems: Missing URL validation on spec home attribute allows malicious gem to set an invalid homepage URL (CVE-2018-1000077)
- rubygems: XSS vulnerability in homepage attribute when displayed via gem server (CVE-2018-1000078)
- rubygems: Path traversal issue during gem installation allows to write to arbitrary filesystem locations (CVE-2018-1000079)
- ruby: Unintentional file and directory creation with directory traversal in tempfile and tmpdir (CVE-2018-6914)
- ruby: Unintentional socket creation by poisoned NULL byte in UNIXServer and UNIXSocket (CVE-2018-8779)
- rubygems: Infinite loop vulnerability due to negative size in tar header causes Denial of Service (CVE-2018-1000075)
SolutionUpdate the affected packages.