Lucene search

9786 matches found

Oracle Linux
added 2025/05/07 12:00 a.m., 25 views

ruby security update

3.0.7-165 - Fix Denial of Service in CGI::Cookie.parse. CVE-2025-27219 Resolves: RHEL-86104 - Fix ReDoS in CGI::Util#escapeElement. CVE-2025-27220 Resolves: RHEL-86130 3.0.7-164 - Undefine GC compaction methods on ppc64le. Resolves: RHEL-83136 - Fix printing warnings when using IRB from a script...

CVSS 7.5, AI score 7.6, EPSS 0.00784
Exploits 0
RedHat Linux
added 2025/05/06 2:33 a.m., 16 views

Moderate: Red Hat Security Advisory: ruby:3.1 security update

An update for the ruby:3.1 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.5, AI score 6.7, EPSS 0.01493
Exploits 0, References 8
RedHat Linux
added 2025/05/06 2:20 a.m., 5 views

Moderate: Red Hat Security Advisory: ruby security update

An update for ruby is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS 7.5, AI score 6.7, EPSS 0.00784
Exploits 0, References 3
Tenable Nessus
added 2025/05/06 12:00 a.m., 9 views

RHEL 9 : ruby:3.3 (RHSA-2025:4493)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:4493 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

CVSS 7.5, AI score 7.1, EPSS 0.00784
Exploits 0, References 9
OSV
added 2025/05/06 12:00 a.m., 21 views

ALSA-2025:4488 Moderate: ruby:3.1 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters suc...

CVSS 7.5, AI score 6.8, EPSS 0.01493
Exploits 0, References 16
Tenable Nessus
added 2025/05/06 12:00 a.m., 5 views

RHEL 9 : ruby (RHSA-2025:4487)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:4487 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

CVSS 7.5, AI score 7.3, EPSS 0.00784
Exploits 0, References 7
Tenable Nessus
added 2025/05/06 12:00 a.m., 9 views

Oracle Linux 9 : ruby:3.3 (ELSA-2025-4493)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-4493 advisory. - Fix Net::IMAP vulnerable to possible DoS by memory exhaustion. CVE-2025-25186 - Fix Denial of Service in CGI::Cookie.parse. CVE-2025-27219 Resolves:...

CVSS 7.5, AI score 7.1, EPSS 0.00784
Exploits 0, References 4
AlmaLinux
added 2025/05/06 12:00 a.m., 7 views

Moderate: ruby:3.1 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters suc...

CVSS 7.5, AI score 6.5, EPSS 0.01493
Exploits 0, References 16
OSV
added 2025/05/05 8:15 a.m., 3 views

CVE-2025-4271

A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input showSyslog leads to information disclosure. The attac...

CVSS 6.9, AI score 4.9, EPSS 0.00527
Exploits 1, References 5
Cvelist
added 2025/05/05 8:00 a.m., 36 views

CVE-2025-4271 TOTOLINK A720R cstecgi.cgi information disclosure

A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input showSyslog leads to information disclosure. The attac...

CVSS 6.9, EPSS 0.00527
Exploits 1, References 5
CVE
added 2025/05/05 8:00 a.m., 65 views

CVE-2025-4271

TOTOLINK A720R (firmware 4.1.5cu.374) is affected by CVE-2025-4271 due to improper handling of the topicurl parameter in /cgi-bin/cstecgi.cgi. Manipulating topicurl with showSyslog triggers information disclosure over a remote attack. Multiple sources confirm the vulnerability and public exploits...

CVSS 6.9, AI score 6.8, EPSS 0.00527
Exploits 1, References 5, Affected Software 1
Cvelist
added 2025/05/05 6:31 a.m., 18 views

CVE-2025-4268 TOTOLINK A720R cstecgi.cgi missing authentication

A vulnerability has been found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input RebootSystem leads to missing authentication. The attack can be initiated...

CVSS 6.9, EPSS 0.00923
Exploits 1, References 5
BDU FSTEC
added 2025/05/02 12:00 a.m., 5 views

The vulnerability of the CGI Gem software lies in the use of regular expressions with inefficient computational complexity, which allows attackers to trigger a service failure.

The vulnerability of the CGI Gem software lies in the use of a regular expression with inefficient computational complexity. Exploiting this vulnerability allows an attacker operating remotely to cause service interruptions...

CVSS 7.8, AI score 6.3, EPSS 0.00702
Exploits 0, References 8, Affected Software 6
Zero Day Initiative
added 2025/05/01 12:00 a.m., 7 views

Webmin CRLF Injection Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of Webmin. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of CGI requests. The issue results from the lack of proper neutralization of CRLF sequences...

CVSS 8.8, AI score 7.6
Exploits 0
NVD
added 2025/04/23 5:16 p.m., 8 views

CVE-2025-28022

TOTOLINK A810R V4.1.2cu.5182B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter...

CVSS 7.3, EPSS 0.00331
Exploits 1, References 2
OSV
added 2025/04/23 5:16 p.m., 4 views

CVE-2025-28019

TOTOLINK A800R V4.1.2cu.5137B20200730 was found to contain a buffer overflow vulnerability in the downloadFile.cgi component...

CVSS 7.3, AI score 6, EPSS 0.00408
Exploits 1, References 2
OSV
added 2025/04/23 5:16 p.m., 4 views

CVE-2025-28018

TOTOLINK A800R V4.1.2cu.5137B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 parameter...

CVSS 7.3, AI score 6.1, EPSS 0.00342
Exploits 1, References 1
RedHat Linux
added 2025/04/23 10:34 a.m., 4 views

CGI: ReDoS in CGI::Util#escapeElement

A flaw was found in Ruby's CGI gem. The CGI::Util#escapeElement method is vulnerable to Regular expression Denial of Service (ReDoS), allowing a specially crafted input to cause a high CPU consumption...

CVSS 7.5, AI score 5.7, EPSS 0.00702
Exploits 0, References 5
CNNVD
added 2025/04/23 12:00 a.m., 1 view

TOTOLINK A800R security vulnerability

TOTOLINK A800R is a wireless router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK A800R version V4.1.2cu.5137B20200730, which stems from a security issue in the downloadFile.cgi component, and can be exploited by remote attackers to execute arbitrary...

CVSS 7.3, AI score 8, EPSS 0.00408
Exploits 1, References 2
Vulnrichment
added 2025/04/23 12:00 a.m., 6 views

CVE-2025-28020

TOTOLINK A800R V4.1.2cu.5137B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter...

AI score 7.5, EPSS 0.00331
Exploits 1, References 2