Lucene search
K

77 matches found

OSV
OSV
added last week3 views

UBUNTU-CVE-2026-57438

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, XInclude substitution performed by Nokogiri::XML::Nodedoxinclude replaced each in place, freeing the include node along with its children such as and its descendants and any namespaces declared on...

6.6CVSS5.8AI score0.00093EPSS
Exploits0References3
OSV
OSV
added last week4 views

UBUNTU-CVE-2026-57235

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet and its alias slice checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index. A large negative index could pass the check and then...

8.2CVSS5.8AI score0.00331EPSS
Exploits0References3
OSV
OSV
added last week2 views

UBUNTU-CVE-2026-57436

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::Documentroot= validated only that the new root was a Nokogiri::XML::Node, allowing a DTD node to be set as the document root. The result is a heap use-after-free during garbage...

6.3CVSS5.7AI score0.00312EPSS
Exploits0References3
OSV
OSV
added last week4 views

UBUNTU-CVE-2026-57437

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document was collected, evaluating an XPath expression...

6.3CVSS5.8AI score0.00312EPSS
Exploits0References3
Debian CVE
Debian CVE
added last week5 views

CVE-2026-57437

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document was collected, evaluating an XPath expression...

6.3CVSS5.9AI score0.00312EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-54904

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::AtomicReferenceupdate can enter a permanent busy retry loop when the current...

8.2CVSS5.8AI score0.00278EPSS
Exploits1References3
Redos
Redos
added 2025/08/26 12:0 a.m.5 views

ROS-20250826-03

Vulnerability of WEBrick library of Ruby programming language interpreter is related to incorrect checking of HTTP requests in the readheader method. HTTP requests in the readheader method. Exploitation of the vulnerability could allow an attacker, acting remotely, to perform HTTP request spoofin...

6.5CVSS7.2AI score0.00422EPSS
Exploits0
Redos
Redos
added 2025/08/25 12:0 a.m.3 views

ROS-20250825-02

A vulnerability in the Nokogiri program library of the Ruby interpreter is related to improper handling of an an unexpected data type. Exploitation of the vulnerability could allow an attacker, acting remotely, disclose protected information or cause a denial of service A vulnerability in the...

8.2CVSS7.3AI score0.02886EPSS
Exploits1
CNNVD
CNNVD
added 2025/07/30 12:0 a.m.4 views

Ruby SAML 安全漏洞

Ruby SAML is an open source implementation of a SAML authorization client from SAML-Toolkits. A security vulnerability exists in Ruby SAML version 1.18.0 and earlier, which stems from validating the Base64 format of a SAML response before checking the message size, and could lead to resource...

6.9CVSS7.2AI score0.00384EPSS
Exploits0References5
OSV
OSV
added 2025/07/29 1:40 p.m.5 views

RLSA-2025:4488 Moderate: ruby:3.1 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters suc...

5.9CVSS8.3AI score0.01493EPSS
Exploits0References8
OSV
OSV
added 2025/07/29 1:38 p.m.8 views

RLSA-2025:7539 Moderate: ruby:2.5 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: oniguruma: integer overflow in searchinrange function in regexec.c leads to out-of-bounds read CVE-2019-19012 rubygem-bundler:...

7.5CVSS7.7AI score0.10539EPSS
Exploits4References3
RedHat Linux
RedHat Linux
added 2025/07/02 2:32 p.m.5 views

CGI: Denial of Service in CGI::Cookie.parse

A flaw was found in Ruby's CGI gem. Processing specially crafted large cookies with the CGI::Cookie.parse method can cause excessive resource consumption due to a missing limit on the length of the raw cookie value, resulting in a denial of service...

7.5CVSS5.7AI score0.00784EPSS
Exploits0References5
Redos
Redos
added 2025/06/19 12:0 a.m.7 views

ROS-20250619-01

A vulnerability in the Rack module interface of the Ruby programming language interpreter is related to sending requests with an extremely large number of parameters. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service A vulnerability in the Rack...

7.5CVSS7.4AI score0.00911EPSS
Exploits0
Redos
Redos
added 2025/06/19 12:0 a.m.5 views

ROS-20250619-02

A vulnerability in the Net::IMAP module of the Ruby programming language is related to uncontrolled memory allocation. memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service...

6.5CVSS7AI score0.00409EPSS
Exploits0
Redos
Redos
added 2025/06/16 12:0 a.m.7 views

ROS-20250616-03

A vulnerability in the Rack module interface of the Ruby programming language interpreter is related to insufficient insufficient validation of data provided by an attacker in Rack::CommonLogger. Exploitation of the vulnerability could Allow an attacker acting remotely to manipulate data log entr...

7.1CVSS6.9AI score0.01095EPSS
Exploits1
Fedora
Fedora
added 2025/04/21 4:47 p.m.16 views

[SECURITY] Fedora 41 Update: ruby-3.3.8-19.fc41

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

7.5CVSS6.6AI score0.00784EPSS
Exploits0
Redos
Redos
added 2025/04/03 12:0 a.m.20 views

ROS-20250403-16

A vulnerability in the Rack module interface of the Ruby programming language interpreter is related to an incorrect checking of X-Sendfile-Type header input in Rack::Sendfile during processing. Exploitation of the vulnerability could allow an attacker acting remotely to manipulate log entries...

7.5CVSS7.1AI score0.00699EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/03/17 12:0 a.m.7 views

The vulnerability in the implementation of the SAML SSO protocol for the Ruby SAML library and the git-based software platform for collaborative code development on GitLab CE/EE allows a perpetrator to bypass authentication.

The vulnerability of the SAML SSO protocol implementation for the Ruby SAML library and the git-based software platform for collaborative code development on GitLab CE/EE is related to errors in cryptographic signature verification. Exploiting this vulnerability could allow an attacker to bypass...

9.4CVSS7.5AI score0.63792EPSS
Exploits1References11Affected Software4
Debian CVE
Debian CVE
added 2025/03/03 12:0 a.m.6 views

CVE-2025-27219

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when...

7.5CVSS6.1AI score0.00784EPSS
Exploits0
OSV
OSV
added 2025/02/06 3:10 a.m.5 views

USN-7256-1 ruby2.7 vulnerabilities

It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value using REXML gem. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service...

5.9CVSS6.6AI score0.01493EPSS
Exploits0References3
Rows per page
Query Builder