USN-7735-1: RubyGems vulnerabilities
It was discovered that RubyGems incorrectly handled certain regular expressions. An attacker could use this issue to cause RubyGems to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-28755) It was discovered that RubyGems incorrectly handled decompresse...
USN-7734-1 ruby2.5, ruby2.7, ruby3.0, ruby3.2, ruby3.3 vulnerabilities
It was discovered that Ruby incorrectly handled certain IO stream methods. A remote attacker could use this issue to cause Ruby to crash, resulting in a denial of service, or possibly obtain sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2024-27280) It was discovered that th...
Linux Distros Unpatched Vulnerability : CVE-2019-25025
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The activerecord-sessionstore aka Active Record Session Store component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering...
Linux Distros Unpatched Vulnerability : CVE-2023-51774
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The json-jwt aka JSON::JWT gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes...
SUSE SLES15 Security Update : ruby2.5 (SUSE-SU-2025:02739-2)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02739-2 advisory. - CVE-2025-6442: Fixed read_header HTTP Request Smuggling Vulnerability in WEBrick bsc#1245254 - CVE-2025-27221: Fixed userinfo...
Security update for ruby2.5
This update for ruby2.5 fixes the following issues: CVE-2025-6442: Fixed read_header HTTP Request Smuggling Vulnerability in WEBrick bsc#1245254 CVE-2025-27221: Fixed userinfo leakage in URI#join, URI#merge and URI#+ bsc#1237805 Patch Instructions: To install this SUSE update use the SUSE recommended...
SUSE-SU-2025:02739-2 Security update for ruby2.5
This update for ruby2.5 fixes the following issues: - CVE-2025-6442: Fixed read_header HTTP Request Smuggling Vulnerability in WEBrick bsc#1245254 - CVE-2025-27221: Fixed userinfo leakage in URI#join, URI#merge and URI#+ bsc#1237805...
MAL-2025-46925 Malicious code in authzd-client (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 45ba3e72eb15bda66737b4c0b7addefe2fa72e79d4a38a82e9dd53722cc04f7b The OpenSSF Package Analysis project identified 'authzd-client' @ 0.11.10.r813fef313 rubygems as malicious. It is considered malicious because: ...
MAL-2025-46924 Malicious code in advisory_db_toolkit (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6f9757e1ad29ad430d32886a0fcfa47e48a29e5e4af901f48e305216133028e6 The OpenSSF Package Analysis project identified 'advisory_db_toolkit' @ 99.99.99 rubygems as malicious. It is considered malicious because: - The...
MAL-2025-46926 Malicious code in github_chatops_extensions (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6269b59c516350c690f7fdf09dff674c52173f38074e8ac6f7b012352851797b The OpenSSF Package Analysis project identified 'github_chatops_extensions' @ 0.5.2.96.g33cefed rubygems as malicious. It is considered malicious...
MAL-2025-46930 Malicious code in monolith-twirp-mailreplies-replies (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c1e0b39ca2393b053f31bdaab06ece9ef73680eb15866a4936b52862b42f305c The OpenSSF Package Analysis project identified 'monolith-twirp-mailreplies-replies' @ 1.0.0 rubygems as malicious. It is considered malicious...
MAL-2025-46931 Malicious code in monolith-twirp-merge-queue-go-mergequeuemonolith (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 58e829a595050f4922bb0937c2d6c0d2759059af987ceb38f0c33712345eadc2 The OpenSSF Package Analysis project identified 'monolith-twirp-merge-queue-go-mergequeuemonolith' @ 1.0.2 rubygems as malicious. It is consider...
MAL-2025-46929 Malicious code in monolith-twirp-github-repositories (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b6ab9bea194d9fa5ad57b833b09316a0c338a6beb920638e9aff880730969c89 The OpenSSF Package Analysis project identified 'monolith-twirp-github-repositories' @ 1.0.0 rubygems as malicious. It is considered malicious...