14147 matches found
UBUNTU-CVE-2026-41316
ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other public methods th...
CVE-2026-41316
ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other public methods th...
EUVD-2026-25385
ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other public methods th...
CVE-2026-41316
ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other public methods th...
CVE-2026-41316
ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other public methods th...
CVE-2026-41316 ERB has an @_init deserialization guard bypass via def_module / def_method / def_class
ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other public methods th...
Linux Distros Unpatched Vulnerability : CVE-2026-41316
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBr...
CLSA-2026-1776952176 ruby: Fix of 4 CVEs
CVE-2024-39908: fix ReDoS in REXML parser for repeated / character reference payloads - CVE-2024-41123: fix ReDoS in REXML source.match when no terminator string is specified - CVE-2024-41946: add XML entity expansion limit to REXML SAX and pull parsers - CVE-2024-43398: fix DoS via deep elements...
OPENSUSE-SU-2026:10609-1 libruby4_0-4_0-4.0.3-1.1 on GA media
These are all security issues fixed in the libruby40-40-4.0.3-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10604-1 ruby4.0-rubygem-rack-session-2.1.2-1.1 on GA media
These are all security issues fixed in the ruby4.0-rubygem-rack-session-2.1.2-1.1 package on the GA media of openSUSE Tumbleweed...
ERB has an @_init deserialization guard bypass via def_module / def_method / def_class
ERB implements an @init guard to prevent code execution when ERB objects are reconstructed via Marshal.load on untrusted data. However, ERBdefmethod, ERBdefmodule, and ERBdefclass evaluate the template source without checking this guard, allowing an attacker who controls the data passed to...
USN-8190-1 ruby-rack-session vulnerability
SeungMyung Lee discovered that Rack::Session did not properly reject cookies upon decryption failure. A remote attacker could use this issue to manipulate session contents and possibly gain unauthorized access...
Debian dla-4407 : ruby-sidekiq - security update
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4407 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4407-1 [email protected]...
Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: ruby4.0: ruby4.0-4.0.0-33.3.hum1 aarch64, x8664 ruby4.0-bundled-gems-4.0.0-33.3.hum1 aarch64, x8664 ruby4.0-default-gems-4.0.0-33.3.hum1 noarch ruby4.0-devel-4.0.0-33.3.hum1 aarch64, x8664...
EUVD-2026-23278
Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption...
CVE-2026-27820
zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstreambufferungets function prepends caller-provided bytes ahead of previously produced output but...
CVE-2026-27820
zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstreambufferungets function prepends caller-provided bytes ahead of previously produced output but...
UBUNTU-CVE-2026-27820
zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstreambufferungets function prepends caller-provided bytes ahead of previously produced output but...
CVE-2026-27820
zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstreambufferungets function prepends caller-provided bytes ahead of previously produced output but...
CVE-2026-27820
CVE-2026-27820 is a buffer overflow in the Ruby zlib interface’s Zlib::GzipReader caused by zstream_buffer_ungets not ensuring sufficient Ruby string capacity before memmove. Affected: zlib gem v3.2.0/3.2.1 and earlier (3.0.0 and below, 3.1.0/3.1.1, 3.2.0/3.2.1). Impact: memory corruption when bu...