Lucene search

14090 matches found

Tenable Nessus
added 2025/09/10 12:0 a.m., 6 views

EulerOS 2.0 SP12 : ruby (EulerOS-SA-2025-2056)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is...

CVSS 6.5 | AI score 6.5 | EPSS 0.00393
Exploits: 0 | References: 2
Amazon
added 2025/09/08 12:0 a.m., 4 views

Medium: ruby3.2

Issue Overview: Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is...

CVSS 6.5 | AI score 6.6 | EPSS 0.00393
Exploits: 0
Redos
added 2025/09/08 12:0 a.m., 1 views

ROS-20250908-11

The vulnerability in the Ruby interpreter is related to the fact that the application does not properly control internal resource consumption when processing DNS packets. Exploitation of the vulnerability could allow an attacker, acting locally to...

CVSS 7.5 | AI score 6.4 | EPSS 0.00268
Exploits: 0
Tenable Nessus
added 2025/09/08 12:0 a.m., 4 views

Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2025-1168)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1168 advisory. Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory...

CVSS 6.5 | AI score 6.3 | EPSS 0.00393
Exploits: 0 | References: 4
Gitee
added 2025/09/06 9:25 p.m., 96 views

metasploit-framework

This is an offensive tool for penetration testing. It is the Metasploit Framework, a comprehensive platform for developing and executing exploits. The framework is written in Ruby and provides a wide range of features for penetration testing, including exploit development, vulnerability scanning,...

AI score 6.9
Exploits: 0
Gitee
added 2025/09/06 2:37 a.m., 87 views

ruby-advisory-db

This is a database of security advisories for Ruby libraries, maintained by the ruby-advisory-db project. The database contains a list of directories that match the names of Ruby libraries on rubygems.org, with each directory containing one or more advisory files for the library. Each advisory fi...

AI score 6.7
Exploits: 0
Gitee
added 2025/09/06 12:17 a.m., 78 views

xss

This is a web application for a free online web and mobile security class, Hacker101. The application is built using Jekyll, a static site generator, and is hosted on GitHub Pages. The site provides a variety of resources, including videos, resources, and a CTF (Capture The Flag) section. The...

AI score 7
Exploits: 0
CBLMariner
added 2025/09/05 3:8 p.m., 3 views

CVE-2025-24294 affecting package ruby for versions less than 3.3.5-5

CVE-2025-24294 affecting package ruby for versions less than 3.3.5-5. A patched version of the package is available...

CVSS 7.5 | AI score 7 | EPSS 0.00268
Exploits: 0
Tenable Nessus
added 2025/09/05 12:0 a.m., 1 views

SUSE SLES15 Security Update : ruby2.5 (SUSE-SU-2025:02814-2)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02814-2 advisory. - CVE-2024-35221: Fixed remote denial of service via YAML manifest (bsc#1225905). Tenable has extracted the preceding description block directl...

CVSS 4.3 | AI score 6.5 | EPSS 0.00051
Exploits: 0 | References: 4
Tenable Nessus
added 2025/09/05 12:0 a.m., 1 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 : Ruby vulnerabilities (USN-7734-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7734-1 advisory. It was discovered that Ruby incorrectly handled certain IO stream methods. A remote attacker could use this...

CVSS 9.8 | AI score 7.2 | EPSS 0.0883
Exploits: 1 | References: 5
OpenVAS
added 2025/09/05 12:0 a.m., 2 views

Ubuntu: Security Advisory (USN-7734-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 6.8 | EPSS 0.0883
Exploits: 1 | References: 2
IBM Security Bulletins
added 2025/09/04 10:47 p.m., 3 views

Security Bulletin: Astronomer with IBM is vulnerable to request smuggling due to the Ruby WEBrick package (CVE-2025-6442)

Summary: WEBrick is used by Astronomer with IBM as part of the application processing functionality. Vulnerability Details: CVEID: CVE-2025-6442. DESCRIPTION: Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on...

CVSS 6.5 | AI score 6.8 | EPSS 0.00257
Exploits: 0 | Affected Software: 1
RedHat Linux
added 2025/09/04 3:54 p.m., 1 views

rexml: REXML ReDoS vulnerability

A flaw was found in the ReXML XML toolkit for Ruby. Parsing XML data containing a large number of digits between &# and x...; in a hex numeric character reference (&#x...;) can trigger a regular expression denial of service (ReDoS) condition, leading to a denial of service...

CVSS 8.7 | AI score 7.3 | EPSS 0.01645
Exploits: 0 | References: 7
SUSE Linux
added 2025/09/04 9:16 a.m., 2 views

Security update for ruby2.5

This update for ruby2.5 fixes the following issues: CVE-2024-35221: Fixed remote denial of service via YAML manifest (bsc#1225905). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the...

CVSS 4.3 | AI score 6.6 | EPSS 0.00051
Exploits: 0 | References: 4
OSV
added 2025/09/04 9:16 a.m., 2 views

SUSE-SU-2025:02814-2 Security update for ruby2.5

This update for ruby2.5 fixes the following issues: - CVE-2024-35221: Fixed remote denial of service via YAML manifest (bsc#1225905)...

CVSS 4.3 | AI score 5.8 | EPSS 0.00051
Exploits: 0 | References: 3
Microsoft CVE
added 2025/09/04 3:7 a.m., 3 views

HPACK table poisoning in gRPC C++, Python & Ruby

...

CVSS 6.3 | AI score 7 | EPSS 0.00038
Exploits: 1
Tenable Nessus
added 2025/09/04 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2013-0162

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink...

CVSS 2.1 | AI score 5.5 | EPSS 0.00149
Exploits: 1 | References: 2
Tenable Nessus
added 2025/09/04 12:0 a.m., 2 views

Amazon Linux 2 : ruby, --advisory ALAS2-2025-2990 (ALAS-2025-2990)

The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2990 advisory. An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter...

CVSS 9.8 | AI score 8.6 | EPSS 0.13462
Exploits: 3 | References: 4
Amazon
added 2025/09/04 12:0 a.m., 4 views

Medium: ruby

Issue Overview: An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can...

CVSS 9.8 | AI score 7.5 | EPSS 0.13462
Exploits: 3
RedHat Linux
added 2025/09/03 1:15 p.m., 2 views

rexml: REXML ReDoS vulnerability

A flaw was found in the ReXML XML toolkit for Ruby. Parsing XML data containing a large number of digits between &# and x...; in a hex numeric character reference (&#x...;) can trigger a regular expression denial of service (ReDoS) condition, leading to a denial of service...

CVSS 8.7 | AI score 7.3 | EPSS 0.01645
Exploits: 0 | References: 7