GHSA-F93J-HMCR-JCWH Moped Rubygem Data Injection Vulnerability

The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service worker resource consumption or perform a cross-site scripting XSS attack via a crafted string...

SUSE-SU-2020:2140-1 Security update for rubygem-actionview-4_2

This update for rubygem-actionview-42 fixes the following issues: - Fixed a potential remote code execution of user-provided local names bsc1173144, CVE-2020-8163...

SUSE-SU-2020:2060-1 Security update for rubygem-puma

This update for rubygem-puma fixes the following issues: - Add patches for disabling TLSv1.0 and TLSv1.1 jscSLE-6965: - Add CVE-2020-11077.patch bsc1172175, CVE-2020-11077 - Add CVE-2020-11076.patch bsc1172176, CVE-2020-11076 - Add CVE-2020-5247.patch bsc1165402 'Fixes a problem where we were not...

SUSE-SU-2020:2053-1 Security update for rubygem-excon

This update for rubygem-excon fixes the following issues: - CVE-2019-16779: Fixed an information leak in the socket handling for persistent connections bsc1159342...

CVE-2020-14001

A flaw was found in rubygem-kramdown in versions prior to 2.3.0. The template option allows unintended read access or embedded Ruby code execution which is enabled in Kramdown by default. The highest threat from this vulnerability is to data confidentiality and integrity...

openSUSE Security Update : rubygem-puma (openSUSE-2020-1001)

This update for rubygem-puma to version 4.3.5 fixes the following issues : - CVE-2020-11077: Fixed a HTTP smuggling issue related to proxy usage bsc1172175. - CVE-2020-11076: Fixed a HTTP smuggling issue when using an invalid transfer-encoding header bsc1172176. - Disabled TLSv1.0 and TLSv1.1...

openSUSE Security Update : rubygem-puma (openSUSE-2020-990)

This update for rubygem-puma to version 4.3.5 fixes the following issues : - CVE-2020-11077: Fixed a HTTP smuggling issue related to proxy usage bsc1172175. - CVE-2020-11076: Fixed a HTTP smuggling issue when using an invalid transfer-encoding header bsc1172176. - Disabled TLSv1.0 and TLSv1.1...

openSUSE Security Update : rubygem-bundler (openSUSE-2020-803)

This update for rubygem-bundler fixes the following issue : - CVE-2019-3881: Fixed insecure permissions on a directory in /tmp/ that allowed malicious code execution bsc1143436. This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security, Inc. The descriptive...

openSUSE Security Update : rubygem-bundler (openSUSE-2020-861)

This update for rubygem-bundler fixes the following issue : - CVE-2019-3881: Fixed insecure permissions on a directory in /tmp/ that allowed malicious code execution bsc1143436. This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security, Inc. The descriptive...

openSUSE: Security Advisory for rubygem-puma (openSUSE-SU-2020:1001-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OPENSUSE-SU-2020:1001-1 Security update for rubygem-puma

This update for rubygem-puma to version 4.3.5 fixes the following issues: - CVE-2020-11077: Fixed a HTTP smuggling issue related to proxy usage bsc1172175. - CVE-2020-11076: Fixed a HTTP smuggling issue when using an invalid transfer-encoding header bsc1172176. - Disabled TLSv1.0 and TLSv1.1...

OPENSUSE-SU-2020:0990-1 Security update for rubygem-puma

This update for rubygem-puma to version 4.3.5 fixes the following issues: - CVE-2020-11077: Fixed a HTTP smuggling issue related to proxy usage bsc1172175. - CVE-2020-11076: Fixed a HTTP smuggling issue when using an invalid transfer-encoding header bsc1172176. - Disabled TLSv1.0 and TLSv1.1...

Security update for rubygem-puma (moderate)

openSUSE Security Update: Security update for rubygem-puma Announcement ID: openSUSE-SU-2020:1001-1 Rating: moderate References: 1172175 1172176 Cross-References: CVE-2020-11076 CVE-2020-11077 Affected Products: openSUSE Leap 15.2 An update that fixes two vulnerabilities is now...

Security update for rubygem-puma (moderate)

openSUSE Security Update: Security update for rubygem-puma Announcement ID: openSUSE-SU-2020:0990-1 Rating: moderate References: 1172175 1172176 Cross-References: CVE-2020-11076 CVE-2020-11077 Affected Products: openSUSE Leap 15.1 An update that fixes two vulnerabilities is now...

SUSE SLED15 / SLES15 Security Update : rubygem-bundler (SUSE-SU-2020:1582-2)

This update for rubygem-bundler fixes the following issue : CVE-2019-3881: Fixed insecure permissions on a directory in /tmp/ that allowed malicious code execution bsc1143436. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory...

SUSE-SU-2020:1582-2 Security update for rubygem-bundler

This update for rubygem-bundler fixes the following issue: - CVE-2019-3881: Fixed insecure permissions on a directory in /tmp/ that allowed malicious code execution bsc1143436...

Medium: rubygem-rake

Issue Overview: There is an OS command injection vulnerability in Ruby Rake 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |. CVE-2020-8130 Affected Packages: rubygem-rake Issue Correction: Run yum update rubygem-rake or yum update --advisory ALAS-2020-1384...

RHEL 8 : pcs (RHSA-2020:2670)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2670 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rubygem-json: Unsafe Object...

openSUSE: Security Advisory for rubygem-bundler (openSUSE-SU-2020:0861-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OPENSUSE-SU-2020:0861-1 Security update for rubygem-bundler

This update for rubygem-bundler fixes the following issue: - CVE-2019-3881: Fixed insecure permissions on a directory in /tmp/ that allowed malicious code execution bsc1143436. This update was imported from the SUSE:SLE-15:Update update project...