Moderate: Red Hat Security Advisory: ruby:3.1 security, bug fix, and enhancement update
An update for the ruby:3.1 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
ruby: Buffer overread vulnerability in StringIO
A buffer overread flaw was found in rubygem StringIO. The ungetbyte and ungetc methods on a StringIO object can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value...
SUSE-SU-2024:1911-1 Security update for squid
This update for squid fixes the following issues: - CVE-2024-33427: Fixed possible buffer overread that could have led to a denial-of-service (bsc#1225417)...
SUSE-SU-2024:1896-1 Security update for squid
This update for squid fixes the following issues: - CVE-2024-33427: Fixed possible buffer overread that could have led to a denial-of-service (bsc#1225417)...
RHEL 5 : radvd (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - radvd: numerous buffer overread flaws in process_ra may lead to crash (CVE-2011-3604) - radvd: temporary...
RHEL 6 : radvd (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - radvd: numerous buffer overread flaws in process_ra may lead to crash (CVE-2011-3604) - radvd: temporary...
RHEL 4 : radvd (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - radvd: numerous buffer overread flaws in process_ra may lead to crash (CVE-2011-3604) - radvd: temporary...
ruby:3.1 security, bug fix, and enhancement update
ruby 3.1.5-143 - Upgrade to Ruby 3.1.5. Resolves: RHEL-35748 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-35749 - Fix RCE vulnerability with .rdocoptions in RDoc. Resolves: RHEL-35750 - Fix arbitrary memory address read vulnerability with Regex search. Resolves: RHEL-35751...
RHEL 5 : httpd (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - httpd: mod_mime buffer overread (CVE-2017-7679) - httpd: Weak Digest auth nonce generation in mod_auth_digest...
ALSA-2024:3546 Moderate: ruby:3.1 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: - ruby: RCE vulnerability with .rdocoptions in RDoc (CVE-2024-27281) - ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280)...
RHEL 8 : ruby:3.1 (RHSA-2024:3546)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3546 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
Moderate: ruby:3.1 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: - ruby: RCE vulnerability with .rdocoptions in RDoc (CVE-2024-27281) - ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280)...
Oracle Linux 8 : ruby:3.0 (ELSA-2024-3500)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3500 advisory. ruby 3.0.7-143 - Fix Zlib test failures on s390x due to HW acceleration Related: RHEL-36189 3.0.7-142 - Upgrade to Ruby 3.0.7. Resolves: RHEL-36189 - F...
ruby:3.0 security update
ruby 3.0.7-143 - Fix Zlib test failures on s390x due to HW acceleration Related: RHEL-36189 3.0.7-142 - Upgrade to Ruby 3.0.7. Resolves: RHEL-36189 - Fix HTTP response splitting in CGI. Resolves: RHEL-36193 - Fix ReDoS vulnerability in URI. Resolves: RHEL-36196 - Fix ReDoS vulnerability in Time...
PT-2024-35533 · Kofax · Kofax Power Pdf
Name of the Vulnerable Software and Affected Versions: Kofax Power PDF affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this issue, where the targ...
PT-2024-35411 · Sonos · Sonos Era 100
Name of the Vulnerable Software and Affected Versions: Sonos Era 100 affected versions not specified Description: This issue allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos Era 100 smart speakers. The specific flaw exists within the handling ...
AlmaLinux 8 : ruby:3.0 (ALSA-2024:3500)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3500 advisory. - ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621) - ruby: ReDoS vulnerability in URI (CVE-2023-28755) - ruby: ReDoS vulnerability in Time CVE-2023-287...
Moderate: Red Hat Security Advisory: ruby:3.0 security update
An update for the ruby:3.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
AS-DCP Lib Security Vulnerability
AS-DCP Lib is a set of APIs and command line tools to access files conforming to the sound and image track file formats developed by the SMPTE Working Group DC28.20 (now TC 21DC). A security vulnerability exists in AS-DCP Lib version 2.13.1 that stems from the presence of a heap-based buffer...