rexml: REXML denial of service
A denial of service flaw has been discovered in the rubygem REXML. Certain input can cause excess CPU usage, and given sufficiently large input this can affect program performance...
Linux Distros Unpatched Vulnerability : CVE-2025-14762
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to differe...
RHEL 9 : ruby:3.3 (RHSA-2025:23648)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23648 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
OPENSUSE-SU-2025:15828-1 libruby3_4-3_4-3.4.8-1.1 on GA media
These are all security issues fixed in the libruby3_4-3_4-3.4.8-1.1 package on the GA media of openSUSE Tumbleweed...
AWS SDK for Ruby's S3 Encryption Client has a Key Commitment Issue
Summary: S3 Encryption Client for Ruby is an open-source client-side encryption library used to facilitate writing and reading encrypted records to S3. When the encrypted data key (EDK) is stored in an "Instruction File" instead of S3's metadata record, the EDK is exposed to an "Invisible Salamander...
CVE-2025-14762
Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue,...
UBUNTU-CVE-2025-14762
Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue,...
CVE-2025-14762
CVE-2025-14762 describes a missing cryptographic key commitment in the AWS SDK for Ruby that can allow a user with write access to an S3 bucket to introduce a new EDK and decrypt data to different plaintext when the encrypted data key is stored in an instruction file rather than in S3 metadata. T...
AWS SDK for Ruby Security Vulnerability
AWS SDK for Ruby is an open source developer toolkit for Ruby from Amazon Web Services. A security vulnerability exists in AWS SDK for Ruby that stems from a missing cryptographic key commitment, which could cause a user with write access to an S3 storage bucket to introduce a new EDK that decrypts...
PT-2025-51883
Name of the Vulnerable Software and Affected Versions: AWS SDK for Ruby versions prior to 1.208.0. Description: A missing cryptographic key commitment in the AWS SDK for Ruby could allow a user with write access to an S3 bucket to introduce a new encryption data key (EDK) that decrypts to different...
Debian: Security Advisory (DLA-4406-1)
The remote host is missing an update for the Debian...
RHEL 9 : pcs (RHSA-2025:19512)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:19512 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rubygem-rack: Rack...
DLA-4407-1 ruby-sidekiq - security update
Bulletin has no description...
Debian: Security Advisory (DLA-4407-1)
The remote host is missing an update for the Debian...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ruby (UTSA-2025-991241)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991241 advisory. Unity Link Advisory UTSA-2025-991241 Tenable has extracted the preceding description block directly from the Unity Linux security advisory. Note that Nessus has not...
DLA-4406-1 ruby-git - security update
Bulletin has no description...
[SECURITY] [DLA 4407-1] ruby-sidekiq security update
Debian LTS Advisory DLA-4407-1 https://www.debian.org/lts/security/ Utkarsh Gupta December 15, 2025 https://wiki.debian.org/LTS -...