245 matches found
OPENSUSE-SU-2024:11331-1 ruby2.7-rubygem-activesupport-6.0-6.0.4-1.2 on GA media
These are all security issues fixed in the ruby2.7-rubygem-activesupport-6.0-6.0.4-1.2 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11828-1 ruby3.1-rubygem-activesupport-6.0-6.0.4.4-1.1 on GA media
These are all security issues fixed in the ruby3.1-rubygem-activesupport-6.0-6.0.4.4-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12767-1 ruby3.1-rubygem-activesupport-7.0-7.0.4.1-1.1 on GA media
These are all security issues fixed in the ruby3.1-rubygem-activesupport-7.0-7.0.4.1-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:13397-1 ruby3.2-rubygem-activesupport-7.0-7.0.8-1.1 on GA media
These are all security issues fixed in the ruby3.2-rubygem-activesupport-7.0-7.0.8-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:10574-1 ruby2.2-rubygem-activesupport-4_2-4.2.7.1-1.1 on GA media
These are all security issues fixed in the ruby2.2-rubygem-activesupport-42-4.2.7.1-1.1 package on the GA media of openSUSE Tumbleweed...
rubygem-activesupport: File Disclosure of Locally Encrypted Files
An insecure temporary file vulnerability was found in activesupport rubygem. Contents that will be encrypted are written to a temporary file that has the user’s current umask settings, possibly leading to information disclosure by other users on the same system...
openSUSE: Security Advisory for rubygem (SUSE-SU-2023:0275-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
rubygem-activesupport: Regular Expression Denial of Service
A flaw was found in rubygem-activesupport. RubyGem's activesupport gem is vulnerable to a denial of service caused by a regular expression denial of service ReDoS flaw in Inflector.underscore. By sending a specially-crafted regex input, a remote attacker can use large amounts of CPU and memory,...
openSUSE 15 Security Update : rubygem-activesupport-5.2 (openSUSE-SU-2023:0350-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2023:0350-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C...
Security update for rubygem-activesupport-5.2 (moderate)
openSUSE Security Update: Security update for rubygem-activesupport-5.2 Announcement ID: openSUSE-SU-2023:0350-1 Rating: moderate References: 1214807 Cross-References: CVE-2023-38037 Affected Products: openSUSE Backports SLE-15-SP5 An update that fixes one vulnerability is now available...
OPENSUSE-SU-2023:0350-1 Security update for rubygem-activesupport-5.2
This update for rubygem-activesupport-5.2 fixes the following issue: - CVE-2023-38037: fixed a File Disclosure of Locally Encrypted Files bsc1214807...
OESA-2023-1633 rubygem-activesupport security update
A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing. Security Fixes: An insecure temporary file vulnerability was found in activesupport rubygem. Contents that will be encrypt...
CVE-2023-38037
An insecure temporary file vulnerability was found in activesupport rubygem. Contents that will be encrypted are written to a temporary file that has the user’s current umask settings, possibly leading to information disclosure by other users on the same system. Mitigation To work around this...
Locally Encrypted File Disclosure
ActiveSupport is vulnerable to Locally Encrypted File Disclosure. The vulnerability exists because the library's temporary file's permissions default to the user's current umask settings, which allows an attacker on the same system to read the contents of the temporary file before it gets encrypt...
Information Exposure
Overview activesupport is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Affected versions of this package are vulnerable to Information Exposure. The ImpactActiveSupport::EncryptedFile method writes contents that will be encrypted to a temporary file...
Moderate: Red Hat Security Advisory: Logging Subsystem 5.7.4 - Red Hat OpenShift bug fix and security update
Logging Subsystem 5.7.4 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References...
Moderate: Red Hat Security Advisory: Logging Subsystem 5.7.2 - Red Hat OpenShift security update
Logging Subsystem 5.7.2 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the Referenc...
Moderate: Red Hat Security Advisory: Logging Subsystem 5.6.5 - Red Hat OpenShift security update
Logging Subsystem 5.6.5 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the Referenc...
[SECURITY] Fedora 37 Update: rubygem-activesupport-7.0.4.3-1.fc37
A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing...
Fedora: Security Advisory for rubygem-activesupport (FEDORA-2023-d6157bb1e2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...