13977 matches found
OPENSUSE-SU-2026:10337-1 ruby4.0-rubygem-actionmailer-8.0-8.0.3-1.3 on GA media
These are all security issues fixed in the ruby4.0-rubygem-actionmailer-8.0-8.0.3-1.3 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10351-1 ruby4.0-rubygem-json_pure-2.7.6-1.5 on GA media
These are all security issues fixed in the ruby4.0-rubygem-jsonpure-2.7.6-1.5 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10348-1 ruby4.0-rubygem-grpc-1.70.1-1.7 on GA media
These are all security issues fixed in the ruby4.0-rubygem-grpc-1.70.1-1.7 package on the GA media of openSUSE Tumbleweed...
Photon OS 4.0: Ruby PHSA-2026-4.0-0976
An update of the ruby package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0976. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
GHSA-MHG6-2Q2V-9H2C sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest
Summary Sigstore::Verifierverify does not propagate the VerificationFailure returned by verifyintoto when the artifact digest does not match the digest in the in-toto attestation subject. As a result, verification of DSSE bundles containing in-toto statements returns VerificationSuccess regardles...
EUVD-2026-10933
sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest...
EUVD-2026-10932
sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest...
sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest
Summary Sigstore::Verifierverify does not propagate the VerificationFailure returned by verifyintoto when the artifact digest does not match the digest in the in-toto attestation subject. As a result, verification of DSSE bundles containing in-toto statements returns VerificationSuccess regardles...
Critical Photon OS Security Update - PHSA-2026-4.0-0976
Updates of 'ImageMagick', 'ruby' packages of Photon OS have been released...
CVE-2026-31830
sigstore-ruby is a pure Ruby implementation of the sigstore verify command from the sigstore/cosign project. Prior to 0.2.3, Sigstore::Verifierverify does not propagate the VerificationFailure returned by verifyintoto when the artifact digest does not match the digest in the in-toto attestation...
CVE-2026-31830 sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest
sigstore-ruby is a pure Ruby implementation of the sigstore verify command from the sigstore/cosign project. Prior to 0.2.3, Sigstore::Verifierverify does not propagate the VerificationFailure returned by verifyintoto when the artifact digest does not match the digest in the in-toto attestation...
CVE-2026-31830 sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest
sigstore-ruby is a pure Ruby implementation of the sigstore verify command from the sigstore/cosign project. Prior to 0.2.3, Sigstore::Verifierverify does not propagate the VerificationFailure returned by verifyintoto when the artifact digest does not match the digest in the in-toto attestation...
CVE-2026-31830 sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest
sigstore-ruby is a pure Ruby implementation of the sigstore verify command from the sigstore/cosign project. Prior to 0.2.3, Sigstore::Verifierverify does not propagate the VerificationFailure returned by verifyintoto when the artifact digest does not match the digest in the in-toto attestation...
CVE-2026-31830
sigstore-ruby is a pure Ruby implementation of the sigstore verify command from the sigstore/cosign project. Prior to 0.2.3, Sigstore::Verifierverify does not propagate the VerificationFailure returned by verifyintoto when the artifact digest does not match the digest in the in-toto attestation...
PT-2026-24484
Name of the Vulnerable Software and Affected Versions sigstore-ruby versions prior to 0.2.3 Description The software does not correctly handle verification failures when the artifact digest does not match the digest in the in-toto attestation subject. Specifically, the Sigstore::Verifierverify...
Security Bulletin: Multiple vulnerabilities in IBM Aspera Faspex
Summary Multiple vulnerabilities were addressed in IBM Aspera Faspex version 5.0.15 Vulnerability Details CVEID:CVE-2026-22860 DESCRIPTION: Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory’s path check used a string prefix match on the...
NewStart CGSL MAIN 6.06 (SP) : ruby Multiple Vulnerabilities (NS-SA-2026-0023)
The remote NewStart CGSL host, running version MAIN 6.06 SP, has ruby packages installed that are affected by multiple vulnerabilities: - CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks...
MarkUs 安全漏洞
MarkUs is an open-source Ruby on Rails and React web application used for submitting and grading student assignments. Versions of MarkUs prior to 2.9.4 contained a security vulnerability due to the lack of size or item quantity limits when extracting zip files...
CVE-2026-22479
Missing Authorization vulnerability in ThemeRuby Easy Post Submission easy-post-submission allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Post Submission: from n/a through = 2.4.0...
PT-2026-23211
Name of the Vulnerable Software and Affected Versions ThemeRuby Easy Post Submission versions through 2.2.0 Description The software contains a missing authorization flaw, allowing exploitation of incorrectly configured access control security levels. The issue allows unauthorized access...