
14168 matches found

Debian
added 2025/12/14 7:16 p.m. | 7 views

[SECURITY] [DLA 4406-1] ruby-git security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-4406-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta December 15, 2025 https://wiki.debian.org/LTS -...

9.8 CVSS | 7.8 AI score | 0.05735 EPSS
Exploits 1
Tenable Nessus
added 2025/12/14 12:0 a.m. | 1 views

Debian dla-4406 : ruby-git - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4406 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4406-1 [email protected]...

9.8 CVSS | 7.4 AI score | 0.05735 EPSS
Exploits 1 | References 8
Veracode
added 2025/12/13 8:4 a.m. | 3 views

Authentication Bypass

ruby-saml is vulnerable to authentication bypass. The vulnerability is due to improper handling of libxml2 canonicalization in Nokogiri when processing invalid XML, which returns an empty string used for DigestValue calculation, allowing an attacker to perform a Signature Wrapping attack and bypa...

9.3 CVSS | 5.8 AI score | 0.00048 EPSS
Exploits 0 | References 4 | Affected Software 1
Veracode
added 2025/12/13 8:2 a.m. | 4 views

Authentication Bypass

ruby-saml is vulnerable to authentication bypass. The vulnerability is due to inconsistent XML parsing between REXML and Nokogiri resulting in different document structures, which allows an attacker to perform a Signature Wrapping attack and bypass authentication...

9.3 CVSS | 5.8 AI score | 0.0005 EPSS
Exploits 0 | References 4 | Affected Software 1
OSV
added 2025/12/12 10:7 a.m. | 3 views

RHSA-2025:23140 Red Hat Security Advisory: ruby:3.3 security update

Bulletin has no description...

5.3 CVSS | 6.7 AI score | 0.00094 EPSS
Exploits 0 | References 9
Tenable Nessus
added 2025/12/12 12:0 a.m. | 3 views

Oracle Linux 9 : ruby:3.3 (ELSA-2025-23063)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-23063 advisory. - Fix possible denial of service in resolv gem CVE-2025-24294 - Fix URI Credential Leakage Bypass previous fixes. CVE-2025-61594 Tenable has extracted...

7.5 CVSS | 7 AI score | 0.00268 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2025/12/12 12:0 a.m. | 3 views

Oracle Linux 10 : ruby (ELSA-2025-23141)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-23141 advisory. - Fix possible denial of service in resolv gem CVE-2025-24294 - Fix URI Credential Leakage Bypass previous fixes. CVE-2025-61594 Tenable has extracte...

7.5 CVSS | 7 AI score | 0.00268 EPSS
Exploits 0 | References 4
RedHat Linux
added 2025/12/11 7:50 p.m. | 4 views

resolv: Denial of Service in resolv gem

A denial of service flaw was found in resolv ruby gem. This flaw allows an attacker to craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses this packet, the name decompression process consumes a large amount of CPU resources, as the library does...

7.5 CVSS | 5.7 AI score | 0.00268 EPSS
Exploits 0 | References 5
RedHat Linux
added 2025/12/11 7:50 p.m. | 4 views

Moderate: Red Hat Security Advisory: ruby security update

An update for ruby is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

7.5 CVSS | 6.7 AI score | 0.00268 EPSS
Exploits 0 | References 3
RedHat Linux
added 2025/12/11 6:53 p.m. | 1 views

rexml: REXML denial of service

A denial of service flaw has been discovered in the rubygem REXML. Certain input can cause excess cpu usage and given sufficiently large input this can affect program performance...

5.3 CVSS | 5.7 AI score | 0.00094 EPSS
Exploits 0 | References 6
RedHat Linux
added 2025/12/11 6:53 p.m. | 4 views

Moderate: Red Hat Security Advisory: ruby:3.3 security update

An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

5.3 CVSS | 6.7 AI score | 0.00094 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2025/12/11 12:0 a.m. | 3 views

Oracle Linux 8 : ruby:3.3 (ELSA-2025-23062)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-23062 advisory. - Fix possible denial of service in resolv gem CVE-2025-24294 - Fix URI Credential Leakage Bypass previous fixes. CVE-2025-61594 Tenable has extracted...

7.5 CVSS | 7 AI score | 0.00268 EPSS
Exploits 0 | References 4
Oracle linux
added 2025/12/11 12:0 a.m. | 7 views

ruby:3.3 security update

ruby 3.3.10-5 - Upgrade to Ruby 3.3.10. Resolves: RHEL-127912 - Fix possible denial of service in resolv gem CVE-2025-24294 - Fix URI Credential Leakage Bypass previous fixes. CVE-2025-61594 - Fix REXML denial of service. CVE-2025-58767 Resolves: RHEL-122015 rubygem-mysql2 rubygem-pg...

7.5 CVSS | 6.9 AI score | 0.00268 EPSS
Exploits 0
Tenable Nessus
added 2025/12/11 12:0 a.m. | 3 views

RHEL 9 : ruby:3.3 (RHSA-2025:23140)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:23140 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management task...

5.3 CVSS | 6.9 AI score | 0.00094 EPSS
Exploits 0 | References 5
Tenable Nessus
added 2025/12/11 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-66567

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypas...

9.8 CVSS | 8.7 AI score | 0.03321 EPSS
Exploits 1 | References 2
Tenable Nessus
added 2025/12/11 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-66568

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ruby-saml library implements the client side of an SAML authorization. Versions up to and including 1.12.4, are vulnerable to authentication bypass through...

9.3 CVSS | 5.7 AI score | 0.00048 EPSS
Exploits 0 | References 2
Oracle linux
added 2025/12/11 12:0 a.m. | 6 views

ruby:3.3 security update

ruby 3.3.10-5 - Upgrade to Ruby 3.3.10. Resolves: RHEL-106820 - Fix possible denial of service in resolv gem CVE-2025-24294 - Fix URI Credential Leakage Bypass previous fixes. CVE-2025-61594 - Fix REXML denial of service. CVE-2025-58767 Resolves: RHEL-122012 rubygem-abrt rubygem-mysql2 rubygem-pg...

7.5 CVSS | 6.9 AI score | 0.00268 EPSS
Exploits 0
RedHat Linux
added 2025/12/10 6:31 p.m. | 4 views

Moderate: Red Hat Security Advisory: ruby:3.3 security update

An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.5 CVSS | 6.7 AI score | 0.00268 EPSS
Exploits 0 | References 4
RedHat Linux
added 2025/12/10 6:31 p.m. | 3 views

rexml: REXML denial of service

A denial of service flaw has been discovered in the rubygem REXML. Certain input can cause excess cpu usage and given sufficiently large input this can affect program performance...

5.3 CVSS | 5.7 AI score | 0.00094 EPSS
Exploits 0 | References 6
RedHat Linux
added 2025/12/10 5:51 p.m. | 3 views

Moderate: Red Hat Security Advisory: ruby:3.3 security update

An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.5 CVSS | 6.7 AI score | 0.00268 EPSS
Exploits 0 | References 3