14168 matches found
rack: Rack memory exhaustion denial of service
A denial of service flaw has been found in the rubygems rack package. Rack::Multipart::Parser can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line CRLFCRLF. The parser keeps appending incoming bytes to memory without a size cap, allowing...
ALSA-2025:19719 Important: pcs security update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters (CVE-2025-59830); rack: Rack's unbounded multipart preamble...
Debian: Security Advisory (DSA-6048-1)
The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
[SECURITY] [DSA 6048-1] ruby-rack security update
Debian Security Advisory DSA-6048-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 03, 2025 https://www.debian.org/security/faq -...
CVE-2025-37727 vulnerabilities
Vulnerabilities for packages: ruby3.4-elasticsearch, ruby3.3-elasticsearch, ruby3.2-elasticsearch...
GHSA-56R7-H6MW-RCFV vulnerabilities
Vulnerabilities for packages: ruby3.2-elasticsearch, ruby3.3-elasticsearch, ruby3.4-elasticsearch, elasticsearch-fips...
Fedora: Security Advisory (FEDORA-2025-b10099f608)
The remote host is missing an update for the...
Debian dsa-6048 : ruby-rack - security update
The remote Debian 12 / 13 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-6048 advisory. Debian Security Advisory DSA-6048-1 [email protected]...
macOS 26.x < 26.1 Multiple Vulnerabilities (125634)
The remote host is running a version of macOS / Mac OS X that is 26.x prior to 26.1. It is, therefore, affected by multiple vulnerabilities: - A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1,...
DSA-6048-1 ruby-rack - security update
Bulletin has no description...
Debian: Security Advisory (DLA-4357-1)
The remote host is missing an update for the Debian...
[SECURITY] Fedora 41 Update: ruby-3.3.10-21.fc41
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...
Debian dla-4357 : ruby-rack - security update
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4357 advisory. Debian LTS Advisory DLA-4357-1 [email protected]...
DLA-4357-1 ruby-rack - security update
Bulletin has no description...
Fedora 41 : ruby (2025-b10099f608)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-b10099f608 advisory. Upgrade to Ruby 3.3.10. CVE-2025-58767 ruby: REXML denial of service rhbz2396203 Tenable has extracted the preceding description block directly from...
EUVD-2025-36416
Malicious code in shopify-ruby npm...
MAL-2025-48935 Malicious code in shopify-ruby (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 974d73b54aa22ffaf8dfee7094b175bea558642ea43dda60cee5bc58b44ed17f The package shopify-ruby was found to contain malicious code. Source: ghsa-malware a529d693e0fe4a67a348d26b2117b4b314994f3378fa0ed92576c915cd5dccff A...
Malicious code in shopify-ruby (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 974d73b54aa22ffaf8dfee7094b175bea558642ea43dda60cee5bc58b44ed17f The package shopify-ruby was found to contain malicious code. Source: ghsa-malware a529d693e0fe4a67a348d26b2117b4b314994f3378fa0ed92576c915cd5dccff A...
Malicious Package
Overview shopify-ruby is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Ubuntu: Security Advisory (USN-7840-1)
The remote host is missing an update for the...