27 matches found
MiracleLinux 7 : rh-ruby30-ruby-3.0.4-149.el7 (AXSA:2022-3890:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3890:01 advisory. ruby: buffer overflow in CGI.escape_html CVE-2021-41816 ruby: Regular expression denial of service vulnerability of Date parsing methods CVE-2021-418...
CentOS 9 : ruby-3.0.4-160.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ruby-3.0.4-160.el9 build changelog. - A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp fr...
CVE-2023-28738
creationtimestamp | type | source
---|---|---
2024-01-19 21:27:14+00:00 | seen | https://t.me/ctinow/170405
2024-02-15 17:26:23+00:00 | seen | https://t.me/ctinow/185706...
CVE-2023-28738
CVE-2023-28738 affects Intel® NUC BIOS firmware prior to version JY0070. The root cause is improper input validation in the BIOS firmware, enabling a privileged user with local access to potentially escalate privileges. Affected scope is Intel NUC BIOS firmware before JY0070; CVSS metrics in publ...
Intel® NUC BIOS Firmware Advisory
Summary: Potential security vulnerabilities in some Intel® NUC BIOS firmware may allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-28738 Description: Improper input validation for some Intel® NUC...
Rocky Linux 9 : ruby (RLSA-2022:6585)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:6585 advisory. - A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted...
Amazon Linux 2 : ruby (ALASRUBY3.0-2023-002)
The version of ruby installed on the remote host is prior to 3.0.4-155. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2RUBY3.0-2023-002 advisory. A double-free vulnerability was found in Ruby. The issue occurs during Regexp compilation. This flaw allows an attack...
Medium: ruby
Issue Overview: A double-free vulnerability was found in Ruby. The issue occurs during Regexp compilation. This flaw allows an attacker to create a Regexp object with a crafted source string that could cause the same memory to be freed twice. CVE-2022-28738 A buffer overrun vulnerability was foun...
USN-5462-1: Ruby vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. CVE-2022-28738 ...
Rocky Linux 8 : ruby:3.0 (RLSA-2022:6450)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:6450 advisory. - A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user...
Oracle Linux 9 : ruby (ELSA-2022-6585)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6585 advisory. - Fix double free in Regexp compilation. Resolves: CVE-2022-28738 Tenable has extracted the preceding description block directly from the Oracle Linux...
ruby security, bug fix, and enhancement update
3.0.4-160 - Upgrade to Ruby 3.0.4. Resolves: rhbz2109428 - OpenSSL test suite fixes due to disabled SHA1. Related: rbhz2109428 - Fix double free in Regexp compilation. Resolves: CVE-2022-28738 - Fix buffer overrun in String-to-Float conversion. Resolves: CVE-2022-28739...
Moderate: Red Hat Security Advisory: ruby security, bug fix, and enhancement update
An update for ruby is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...
Moderate: ruby security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.0.4. BZ2109428 Security Fixes: Ruby: Double free in Regexp compilati...
ALSA-2022:6585 Moderate: ruby security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.0.4. BZ2109428 Security Fixes: Ruby: Double free in Regexp compilati...
RLSA-2022:6450 Moderate: ruby:3.0 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.0.4. BZ2109431 Security Fixes: ruby: Regular expression denial of...
Ubuntu: Security Advisory (USN-5462-1)
The remote host is missing an update for the...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Ruby vulnerabilities (USN-5462-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5462-1 advisory. It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to execute...
CVE-2022-28738
creationtimestamp | type | source
---|---|---
2022-05-09 22:33:13+00:00 | seen | https://t.me/cibsecurity/42209
2022-05-30 17:01:48+00:00 | seen | https://t.me/ctinow/52874...
CVE-2022-28738
A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations...