MiracleLinux 4 : ruby-1.8.7.352-4.AXS4 (AXSA:2012-139:02)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-139:02 advisory. Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system...

MiracleLinux 3 : ruby-1.8.5-5.7.1AXS3 (AXSA:2009-78:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2009-78:01 advisory. Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system...

MiracleLinux 3 : ruby-1.8.5-5.6 (AXSA:2008-536:04)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2008-536:04 advisory. Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system...

MiracleLinux 3 : ruby-1.8.5-19.1.0.1.AXS3 (AXSA:2011-226:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-226:01 advisory. Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do syste...

MiracleLinux 4 : ruby-1.8.7.299-7.1.0.1.AXS4 (AXSA:2011-614:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-614:01 advisory. Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do syste...

MiracleLinux 3 : ruby-1.8.5-5.1.1AXS3 (AXSA:2008-86:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2008-86:01 advisory. Ruby is an interpreted scripting language for quick and easy object-oriented programming. CVE 2008-2662: Multiple integer overflows in the...

CVE-2025-68271 Unauthenticated Remote Code Execution in openc3-api

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From 5.0.0 to 6.10.1, OpenC3 COSMOS contains a critical remote code execution vulnerability reachable through the JSON-RPC API. When a JSON-RPC request uses the string form of...

CLSA-2026-1768314331 ruby: Fix of CVE-2025-27221

CVE-2025-27221: fix credential leak by correctly truncating userinfo...

Astra Linux – Vulnerability in Ruby-Rack

Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforced its paramslimit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parameter count limit and submit more parameters...

Astra Linux – Vulnerability in Ruby 3.1

In the CGI gem before version 0.4.2 for Ruby, there is a Regular Expression Denial of Service ReDoS vulnerability in the UtilescapeElement method...

Astra Linux – Vulnerability in Ruby 3.1

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby, up to 3.2.1. The Time parser improperly handles invalid URLs that contain specific characters. This causes an increase in execution time when parsing strings into Time objects. The fixed versions are 0.1.1 and 0.2.2...

Astra Linux - уязвимость в ruby-rack

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting malicious conten...

Astra Linux - уязвимость в ruby-webrick

Ruby WEBrick readheader HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The...

Astra Linux – Vulnerability in Rubygems

In the URI gem before version 1.0.3 for Ruby, the URI handling methods URI.join, URImerge, URI+ inadvertently allowed authentication credentials to be leaked, as the userinfo was retained even after changing the host...

Astra Linux – Vulnerability in Ruby-Rack

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser buffers the entire multipart preamble bytes before the first boundary in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing...

Astra Linux – Vulnerability in Rubygems

A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby, up to 3.2.1. The URI parser improperly handles invalid URLs that contain specific characters. This leads to an increase in the execution time required to parse strings into URI objects. The fixed versions are 0.12.1, 0.11.1...

Astra Linux – Vulnerability in Ruby 3.1

In the CGI gem before version 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. This method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumpti...

MiracleLinux 8 : ruby:2.5 (AXSA:2025-9949:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9949:01 advisory. oniguruma: integer overflow in searchinrange function in regexec.c leads to out-of-bounds read CVE-2019-19012 rubygem-bundler: unexpected code...

MiracleLinux 9 : ruby:3.3 (AXSA:2025-11557:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11557:01 advisory. resolv: Denial of Service in resolv gem CVE-2025-24294 rexml: REXML denial of service CVE-2025-58767 When using the + operator to combine URIs,...

MiracleLinux 8 : ruby:3.3 (AXSA:2025-11546:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11546:01 advisory. resolv: Denial of Service in resolv gem CVE-2025-24294 rexml: REXML denial of service CVE-2025-58767 When using the + operator to combine URIs,...