31 matches found
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ruby2.5 (SUSE-SU-2023:4176-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4176-1 advisory. - The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP...
Amazon Linux 2 : ruby (ALASRUBY2.6-2023-002)
The version of ruby installed on the remote host is prior to 2.6.9-129. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2RUBY2.6-2023-002 advisory. A flaw was found in ruby, where the date object was found to be vulnerable to a regular expression denial of service...
K30272432: RubyGems vulnerability CVE-2021-41817
Security Advisory Description Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS regular expression Denial of Service via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1. CVE-2021-41817 Impact There is no impact; F5 products are not affected by this vulnerability...
EulerOS Virtualization 3.0.6.0 : ruby (EulerOS-SA-2022-2588)
According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS regular expression Denial of Service via a long string. The fixed...
Oracle Linux 8 : ruby:2.7 (ELSA-2022-6447)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6447 advisory. - Fix regular Expression Denial of Service Vulnerability of Date Parsing Methods. Resolves: CVE-2021-41817 - Fix cookie prefix spoofing in...
Oracle Linux 8 : ruby:3.0 (ELSA-2022-6450)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6450 advisory. - Fix double free in Regexp compilation. Resolves: CVE-2022-28738 Tenable has extracted the preceding description block directly from the Oracle Linux...
AlmaLinux 8 : ruby:2.5 (5779) (ALSA-2022:5779)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:5779 advisory. ruby: Regular expression denial of service vulnerability of Date parsing methods CVE-2021-41817 ruby: Cookie prefix spoofing in CGI::Cookie.parse...
Oracle Linux 8 : ruby:2.5 (ELSA-2022-5779)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5779 advisory. - Fix by adding length limit option for methods that parses date strings. Resolves: CVE-2021-41817 Tenable has extracted the preceding description bloc...
EulerOS 2.0 SP8 : ruby (EulerOS-SA-2022-1951)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS regular expression Denial of Service via a long string. The fixed versions are 3.2....
Debian DSA-5067-1 : ruby2.7 - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5067 advisory. Several vulnerabilities have been discovered in the interpreter for the Ruby language and the Rubygems included, which may result in information disclosure or...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Ruby vulnerabilities (USN-5235-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5235-1 advisory. It was discovered that Ruby incorrectly handled certain HTML files. An attacker could possibly use this issue to cause a crash...
CVE-2021-41817
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS regular expression Denial of Service via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1...
Design/Logic Flaw
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS regular expression Denial of Service via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1...
CVE-2021-41817
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS regular expression Denial of Service via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1...
CVE-2021-41817
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS regular expression Denial of Service via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1...
Debian DLA-2853-1 : ruby2.3 - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2853 advisory. - Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS regular expression Denial of Service via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2...
NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2021-0154)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has firefox packages installed that are affected by multiple vulnerabilities: - In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bound...
RHEL 7 : firefox (RHSA-2020:4080)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:4080 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
CVE-2020-12425
Due to confusion processing a hyphen character in Date.parse, a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox 78...
Information Disclosure
firefox is vulnerable to information disclosure. The vulnerability exists due to confusion processing a hyphen character in Date.parse, a one-byte out of bounds read could have occurred, leading to potential information disclosure...