[VIM] [CVENEW] New CVE CANs: 2013/03/20 18:00 ; count=4

coley at mitre.org coley at mitre.org
Wed Mar 20 17:04:46 CDT 2013


======================================================
Name: CVE-2013-1875
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1875
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130219
Category: 
Reference: FULLDISC:20130318 Remote command execution in Ruby Gem Command Wrap
Reference: URL:http://seclists.org/fulldisclosure/2013/Mar/175
Reference: MLIST:[oss-security] 20130319 Fwd: CVE requests
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/19/9
Reference: MISC:http://packetstormsecurity.com/files/120847/Ruby-Gem-Command-Wrap-Command-Execution.html
Reference: OSVDB:91450
Reference: URL:http://www.osvdb.org/91450

command_wrap.rb in the command_wrap Gem for Ruby allows remote
attackers to execute arbitrary commands via shell metacharacters in a
URL or filename.



======================================================
Name: CVE-2013-2615
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2615
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130318
Category: 
Reference: FULLDISC:20130312 Ruby gem fastreader-1.0.8 remote code exec
Reference: URL:http://seclists.org/fulldisclosure/2013/Mar/122
Reference: MLIST:[oss-security] 20130319 Fwd: CVE requests
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/19/9
Reference: MISC:http://packetstormsecurity.com/files/120776/Ruby-Gem-Fastreader-1.0.8-Command-Execution.html
Reference: MISC:http://packetstormsecurity.com/files/120845/Ruby-Gem-Fastreader-1.0.8-Code-Execution.html
Reference: OSVDB:91232
Reference: URL:http://www.osvdb.org/91232

lib/entry_controller.rb in the fastreader Gem 1.0.8 for Ruby allows
remote attackers to execute arbitrary commands via shell
metacharacters in a URL.



======================================================
Name: CVE-2013-2616
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2616
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130318
Category: 
Reference: FULLDISC:20130312 MiniMagic ruby gem remote code execution
Reference: URL:http://seclists.org/fulldisclosure/2013/Mar/123
Reference: MLIST:[oss-security] 20130319 Fwd: CVE requests
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/19/9
Reference: MISC:http://packetstormsecurity.com/files/120777/Ruby-Gem-Minimagic-Command-Execution.html
Reference: OSVDB:91231
Reference: URL:http://www.osvdb.org/91231

lib/mini_magick.rb in the MiniMagick Gem 1.3.1 for Ruby allows remote
attackers to execute arbitrary commands via shell metacharacters in a
URL.



======================================================
Name: CVE-2013-2617
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2617
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130318
Category: 
Reference: FULLDISC:20130312 Curl Ruby Gem Remote command execution
Reference: URL:http://seclists.org/fulldisclosure/2013/Mar/124
Reference: MLIST:[oss-security] 20130319 Fwd: CVE requests
Reference: URL:http://www.openwall.com/lists/oss-security/2013/03/19/9
Reference: MISC:http://packetstormsecurity.com/files/120778/Ruby-Gem-Curl-Command-Execution.html
Reference: OSVDB:91230
Reference: URL:http://www.osvdb.org/91230

lib/curl.rb in the Curl Gem for Ruby allows remote attackers to
execute arbitrary commands via shell metacharacters in a URL.





More information about the VIM mailing list