GHSA-22H5-PQ3X-2GF2 vulnerabilities

Vulnerabilities for packages: kube-fluentd-operator, ruby, jruby, ruby3.2-rails, ruby3.4-uri, ruby3.3-rails, ruby3.2-uri, logstash, ruby3.3-uri, ruby3.4-rails...

GHSA-MHWM-JH88-3GJF CGI has Regular Expression Denial of Service (ReDoS) potential in Util#escapeElement

There is a possibility for Regular expression Denial of Service ReDoS by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27220. We recommend upgrading the cgi gem. Details The regular expression used in CGI::UtilescapeElement is vulnerable to ReDoS. The crafted...

CGI has Regular Expression Denial of Service (ReDoS) potential in Util#escapeElement

There is a possibility for Regular expression Denial of Service ReDoS by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27220. We recommend upgrading the cgi gem. Details The regular expression used in CGI::UtilescapeElement is vulnerable to ReDoS. The crafted...

GHSA-MHWM-JH88-3GJF vulnerabilities

Vulnerabilities for packages: ruby, jruby, logstash...

GHSA-MHWM-JH88-3GJF vulnerabilities

Vulnerabilities for packages: elasticsearch, jruby, ruby, logstash...

GHSA-GH9Q-2XRM-X6QV vulnerabilities

Vulnerabilities for packages: ruby, jruby, logstash...

GHSA-GH9Q-2XRM-X6QV vulnerabilities

Vulnerabilities for packages: elasticsearch, jruby, ruby, logstash...

Linux Distros Unpatched Vulnerability : CVE-2011-2705

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The SecureRandom.randombytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, whic...

CVE-2025-27219

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when...

Linux Distros Unpatched Vulnerability : CVE-2011-2686

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context- dependent attackers to predict the values of random numbe...

CBL Mariner 2.0 Security Update: ruby / rubygem-rexml (CVE-2024-39908)

The version of ruby / rubygem-rexml installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-39908 advisory. - REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when...

CVE-2025-27220

CVE-2025-27220 affects the CGI gem in Ruby, with a Regular Expression DoS in CGI::Util#escapeElement present in versions prior to 0.4.2. Documents indicate a DoS risk due to unbounded processing of input during cookie handling; no exploit details or affected environments are provided beyond this....

openSUSE Security Advisory (SUSE-SU-2025:0736-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Azure Linux 3.0 Security Update: ruby / rubygem-rexml (CVE-2024-39908)

The version of ruby / rubygem-rexml installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-39908 advisory. - REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when...

CVE-2025-27221

In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URImerge, URI+ have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host...

CVE-2025-27220

In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service ReDoS vulnerability exists in the UtilescapeElement method...

CVE-2025-27221

CVE-2025-27221 affects the Ruby URI module (URI.join, URI#merge, URI#+). The root issue is leakage of userinfo credentials when the host is changed, as userinfo is retained. This impacts versions of the URI gem prior to 1.0.3; the issue is fixed in 1.0.3 and later. If exploited, credential exposu...

Ubuntu: Security Advisory (USN-7309-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2025-27220

In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service ReDoS vulnerability exists in the UtilescapeElement method...

CVE-2025-27219

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when...