|Category:||Huawei EulerOS Local Security Checks|
|Title:||Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2020-2219)|
|Summary:||The remote host is missing an update for the Huawei EulerOS; 'ruby' package(s) announced via the EulerOS-SA-2020-2219 advisory.|
The remote host is missing an update for the Huawei EulerOS
'ruby' package(s) announced via the EulerOS-SA-2020-2219 advisory.
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions.(CVE-2019-15845)
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the 'command' argument) to Shell# or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.(CVE-2019-16255)
WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network.(CVE-2019-16201)
The web application exposed by the Canon Oce Colorwave 500 22.214.171.124 printer is vulnerable to Stored XSS in /TemplateManager/indexExternalLocation.jsp. The vulnerable parameter is map(template_name). NOTE: this is fixed in the latest version.(CVE-2020-10667)
'ruby' package(s) on Huawei EulerOS Virtualization 126.96.36.199.
Please install the updated package(s).
Common Vulnerability Exposure (CVE) ID: CVE-2019-15845|
Common Vulnerability Exposure (CVE) ID: CVE-2019-16201
Common Vulnerability Exposure (CVE) ID: CVE-2019-16255
Common Vulnerability Exposure (CVE) ID: CVE-2020-10667
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|
|This is only one of 86218 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.