[VIM] [CVENEW] New CVE CANs: 2013/03/20 18:00 ; count=4
coley at mitre.org
coley at mitre.org
Wed Mar 20 17:04:46 CDT 2013
======================================================
Name: CVE-2013-1875
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1875
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130219
Category:
Reference: FULLDISC:20130318 Remote command execution in Ruby Gem Command Wrap
Reference: URL:http://seclists.org/fulldisclosure/2013/Mar/175
Reference: MLIST:[oss-security] 20130319 Fwd: CVE requests
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/19/9
Reference: MISC:http://packetstormsecurity.com/files/120847/Ruby-Gem-Command-Wrap-Command-Execution.html
Reference: OSVDB:91450
Reference: URL:http://www.osvdb.org/91450
command_wrap.rb in the command_wrap Gem for Ruby allows remote
attackers to execute arbitrary commands via shell metacharacters in a
URL or filename.
======================================================
Name: CVE-2013-2615
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2615
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130318
Category:
Reference: FULLDISC:20130312 Ruby gem fastreader-1.0.8 remote code exec
Reference: URL:http://seclists.org/fulldisclosure/2013/Mar/122
Reference: MLIST:[oss-security] 20130319 Fwd: CVE requests
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/19/9
Reference: MISC:http://packetstormsecurity.com/files/120776/Ruby-Gem-Fastreader-1.0.8-Command-Execution.html
Reference: MISC:http://packetstormsecurity.com/files/120845/Ruby-Gem-Fastreader-1.0.8-Code-Execution.html
Reference: OSVDB:91232
Reference: URL:http://www.osvdb.org/91232
lib/entry_controller.rb in the fastreader Gem 1.0.8 for Ruby allows
remote attackers to execute arbitrary commands via shell
metacharacters in a URL.
======================================================
Name: CVE-2013-2616
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2616
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130318
Category:
Reference: FULLDISC:20130312 MiniMagic ruby gem remote code execution
Reference: URL:http://seclists.org/fulldisclosure/2013/Mar/123
Reference: MLIST:[oss-security] 20130319 Fwd: CVE requests
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/19/9
Reference: MISC:http://packetstormsecurity.com/files/120777/Ruby-Gem-Minimagic-Command-Execution.html
Reference: OSVDB:91231
Reference: URL:http://www.osvdb.org/91231
lib/mini_magick.rb in the MiniMagick Gem 1.3.1 for Ruby allows remote
attackers to execute arbitrary commands via shell metacharacters in a
URL.
======================================================
Name: CVE-2013-2617
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2617
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20130318
Category:
Reference: FULLDISC:20130312 Curl Ruby Gem Remote command execution
Reference: URL:http://seclists.org/fulldisclosure/2013/Mar/124
Reference: MLIST:[oss-security] 20130319 Fwd: CVE requests
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/19/9
Reference: MISC:http://packetstormsecurity.com/files/120778/Ruby-Gem-Curl-Command-Execution.html
Reference: OSVDB:91230
Reference: URL:http://www.osvdb.org/91230
lib/curl.rb in the Curl Gem for Ruby allows remote attackers to
execute arbitrary commands via shell metacharacters in a URL.
More information about the VIM
mailing list