60 matches found
MiracleLinux 8 : ruby:2.5 (AXSA:2022-3087:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3087:01 advisory. rubygem-rdoc: Command injection vulnerability in RDoc CVE-2021-31799 ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host...
Alibaba Cloud Linux 3 : 0054: ruby:2.7 (ALINUX3-SA-2021:0054)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0054 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-36327: Bundler 1.16.0 through 2.2...
GLSA-202401-05 : RDoc: Command Injection
The remote host is affected by the vulnerability described in GLSA-202401-05 RDoc: Command Injection - In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename. CVE-2021-31799 Note that Nessus has not test...
Rocky Linux 8 : ruby:2.5 (RLSA-2022:0672)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0672 advisory. - In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename...
Amazon Linux 2 : ruby (ALASRUBY2.6-2023-005)
The version of ruby installed on the remote host is prior to 2.6.7-126. It is, therefore, affected by a vulnerability as referenced in the ALAS2RUBY2.6-2023-005 advisory. An operating system command injection flaw was found in RDoc. Using the rdoc command to generate documentation for a malicious...
Medium: ruby
Issue Overview: An operating system command injection flaw was found in RDoc. Using the rdoc command to generate documentation for a malicious Ruby source code could lead to execution of arbitrary commands with the privileges of the user running rdoc. CVE-2021-31799 Affected Packages: ruby Note:...
AlmaLinux 8 : ruby:2.5 (ALSA-2022:0672)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:0672 advisory. rubygem-rdoc: Command injection vulnerability in RDoc CVE-2021-31799 ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host...
Oracle Linux 8 : ELSA-2022-0672-1: / ruby:2.5 (ELSA-2022-06721)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-06721 advisory. - Properly fix command injection vulnerability in Rdoc. Related: CVE-2021-31799 - Fix command injection vulnerability in RDoc. Resolves: CVE-2021-3179...
Oracle Linux 8 : ruby:2.5 (ELSA-2022-0672)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-0672 advisory. - Properly fix command injection vulnerability in Rdoc. Related: CVE-2021-31799 - Fix command injection vulnerability in RDoc. Resolves: CVE-2021-31799...
Important: Red Hat Security Advisory: rh-ruby26-ruby security, bug fix, and enhancement update
An update for rh-ruby26-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...
ruby:2.5 security update
ruby 2.5.9-109 - Properly fix command injection vulnerability in Rdoc. Related: CVE-2021-31799 2.5.9-108 - Fix command injection vulnerability in RDoc. Resolves: CVE-2021-31799 - Fix StartTLS stripping vulnerability in Net::IMAP Resolves: CVE-2021-32066 - Fix FTP PASV command response can cause...
RHEL 8 : ruby:2.5 (RHSA-2022:0672)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0672 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2022-1187)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Moderate: ruby:2.5 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rubygem-rdoc: Command injection vulnerability in RDoc CVE-2021-31799 ruby: FTP PASV command response can cause Net::FTP to connect...
EulerOS 2.0 SP3 : ruby (EulerOS-SA-2022-1187)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a...
RHEL 8 : ruby:2.6 (RHSA-2022:0582)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0582 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
Important: Red Hat Security Advisory: ruby:2.6 security update
An update for the ruby:2.6 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Important: Red Hat Security Advisory: ruby:2.6 security update
An update for the ruby:2.6 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: ruby:2.6 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source CVE-2020-36327 rubygem-rdoc:...
RHEL 8 : ruby:2.6 (RHSA-2022:0544)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0544 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...