OPENSUSE-SU-2025:15479-1 ruby3.4-rubygem-activerecord-8.0-8.0.1-2.1 on GA media

These are all security issues fixed in the ruby3.4-rubygem-activerecord-8.0-8.0.1-2.1 package on the GA media of openSUSE Tumbleweed...

Linux Distros Unpatched Vulnerability : CVE-2025-25293

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote...

GHSA-X485-RHG3-CQR4 Spree Commerce is vulnerable to RCE through Search API

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...

CVE-2011-10026 Spreecommerce < 0.50.x API RCE

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...

CVE-2011-10026

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...

Linux Distros Unpatched Vulnerability : CVE-2024-27281

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAM...

Linux Distros Unpatched Vulnerability : CVE-2024-27280

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods o...

Linux Distros Unpatched Vulnerability : CVE-2025-27407

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21,...

Spree Commerce is vulnerable to RCE through Search API

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...

Spree Commerce is vulnerable to RCE through Search API

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...

Linux Distros Unpatched Vulnerability : CVE-2023-4785

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms ex. Linux allows an attacker to cause a denial of...

Linux Distros Unpatched Vulnerability : CVE-2024-27282

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap da...

Linux Distros Unpatched Vulnerability : CVE-2021-33621

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use...

PT-2025-34107 · Undefined · Undefined

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstance eval parameter, which is dynamically invoked using Ruby’s send method. Th...

Linux Distros Unpatched Vulnerability : CVE-2019-8320

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. Before making new directories or touching files which now include...

CLSA-2025-1755617966 ruby: Fix of CVE-2023-36617

CVE-2023-36617: fix mishandling invalid URLs that have specific characters in URI parser to prevent ReDoS issue...

Linux Distros Unpatched Vulnerability : CVE-2025-54572

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in...

Ubuntu: Security Advisory (USN-7695-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Linux Distros Unpatched Vulnerability : CVE-2025-6442

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ruby WEBrick readheader HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected...

Linux Distros Unpatched Vulnerability : CVE-2014-0083

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords. CVE-2014-0083 Note that Nessus relies on the presence of the package as...