RockyLinux 9 : ruby (RLSA-2025:4487)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:4487 advisory. CGI: ReDoS in CGI::Util#escapeElement (CVE-2025-27220). CGI: Denial of Service in CGI::Cookie.parse (CVE-2025-27219). Tenable has extracted the preceding...
ruby:3.1 security update
An update is available for module.ruby, rubygem-pg, ruby, module.rubygem-pg, module.rubygem-mysql2, rubygem-mysql2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE li...
RLSA-2025:4488 Moderate: ruby:3.1 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters suc...
ruby security update
An update is available for ruby. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Ruby is an extensible, interpreted, object-oriented, scripting language. It has...
RLSA-2025:4487 Moderate: ruby security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: CGI: ReDoS in CGI::Util#escapeElement (CVE-2025-27220). CGI: Denial of Service in CGI::Cookie.parse (CVE-2025-27219). For more details...
ruby:3.1 security update
An update is available for module.ruby, module.rubygem-abrt, module.rubygem-pg, rubygem-pg, module.rubygem-mysql2, rubygem-mysql2, rubygem-abrt, ruby. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
RLSA-2025:4063 Moderate: ruby:3.1 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters suc...
ruby:3.3 security update
An update is available for module.ruby, module.rubygem-abrt, module.rubygem-pg, rubygem-pg, module.rubygem-mysql2, rubygem-mysql2, rubygem-abrt, ruby. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
The vulnerability of the reboot() and restore() functions in /cgi-bin/lighttpd.cgi in the firmware of LB-LINK routers allows an attacker to execute arbitrary code.
The vulnerability of the reboot and restore functions in /cgi-bin/lighttpd.cgi in the firmware of LB-LINK routers is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
shellshocker-pocs
This repository contains a collection of Proof of Concepts PoCs and potential targets for the Shellshock vulnerability, also known as Bash Bug. The vulnerability affects the Bash shell and allows an attacker to execute arbitrary code by injecting malicious environment variables. The repository...
D-Link DSP-W215 Security Vulnerability
D-Link DSP-W215 is a smart plug product from China AUO D-Link. A security vulnerability exists in the D-Link DSP-W215 version 1.02, which stems from the mycgi.cgi component improperly handling HTTP POST requests, which could lead to a stack buffer overflow and remote code execution...
TOTOLINK T6 Access Control Error Vulnerability
TOTOLINK T6 is a wireless dual-band router from China's TOTOLINK Electronics TOTOLINK that supports MQTT protocol and Telnet service. The TOTOLINK T6 suffers from a lack of authentication vulnerability that stems from the setTelnetCfg function of the /cgi-bin/cstecgi.cgi file in the component...
TOTOLINK T6 setTracerouteCfg function Command Injection Vulnerability
TOTOLINK T6 is a wireless dual-band router from China's TOTOLINK Electronics TOTOLINK that supports MQTT protocol and Telnet service. The TOTOLINK T6 suffers from a command injection vulnerability that originates from the failure of the parameter command of the function setTracerouteCfg in the fi...
CVE-2025-6265
A path traversal vulnerability in the fileupload-cgi CGI program of Zyxel NWA50AX PRO firmware version 7.10ACGE.2 and earlier could allow an authenticated attacker with administrator privileges to access specific directories and delete files, such as the configuration file, on the affected device...
TOTOLINK T6 Security Vulnerability
TOTOLINK T6 is a wireless dual-band router from China's TOTOLINK Electronics TOTOLINK that supports MQTT protocol and Telnet service. The TOTOLINK T6 suffers from a buffer overflow vulnerability, which originates from the parameter ip in the file /cgi-bin/cstecgi.cgi that fails to correctly...
CVE-2025-52082
In Netgear XR300 V1.0.3.3810.3.30, a stack-based buffer overflow exists in the HTTPD service through the usbdevice.cgi endpoint. The vulnerability occurs when processing POST requests containing the readaccess parameter...
CVE-2025-52081
In Netgear XR300 V1.0.3.3810.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD service through the usbdevice.cgi endpoint. The vulnerability occurs when processing POST requests containing the usbfolder parameter...
CVE-2025-34116 IPFire < 2.19 Core Update 101 proxy.cgi RCE
A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server...
CVE-2025-34116
IPFire before 2.19 Core Update 101 is vulnerable to remote command execution via the proxy.cgi CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted NCSA user creation fields, leading to command execution with web server privileges. Remediation: update to IP...