63 matches found
MiracleLinux 7 : ruby-2.0.0.648-39.0.3.el7.AXS7 (AXSA:2025-10921:03)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10921:03 advisory. CVE-2017-9226: fix a heap out-of-bounds write or read that occurs in nextstateval during regular expression compilation. CVE-2016-2338: fix heap overflo...
EUVD-2016-3423
Malware in sbrugna...
EUVD-2024-52513
Malicious code in bioql PyPI...
CLSA-2025-1758023679 ruby: Fix of CVE-2016-2339
CVE-2016-2339: fix heap overflow vulnerability in Fiddle::Function.new 'initialize' function...
MAL-2025-19261 Malicious code in eh-fiddle (npm)
The package eh-fiddle was found to contain malicious code...
Malicious code in eh-fiddle (npm)
The package eh-fiddle was found to contain malicious code...
CVE-2024-54393
Cross-Site Request Forgery (CSRF) vulnerability in Sheikh Heera WP Fiddle wp-fiddle allows Stored XSS. This issue affects WP Fiddle: from n/a through <= 1.0...
CVE-2024-54393 WordPress WP Fiddle plugin <= 1.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Sheikh Heera WP Fiddle allows Stored XSS. This issue affects WP Fiddle: from n/a through 1.0...
CVE-2024-54393 WordPress WP Fiddle plugin <= 1.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Sheikh Heera WP Fiddle wp-fiddle allows Stored XSS. This issue affects WP Fiddle: from n/a through <= 1.0...
CVE-2024-54393
CVE-2024-54393 is documented as a Cross-Site Request Forgery (CSRF) vulnerability in the WP Fiddle WordPress plugin (WP-Fiddle). The affected range indicates WP Fiddle from n/a through version 1.0. The CVE also indicates Stored XSS is possible, implying CSRF could lead to XSS in the affected plug...
WordPress plugin WP Fiddle cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request...
WordPress WP Fiddle plugin <= 1.0 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin WP Fiddle versions <= 1.0...
SUSE CVE-2015-7551
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of...
SUSE CVE-2016-2339
An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "argtypes" allocation is made based on args array length. Specially constructed object passed as element of args array can...
ruby:2.5 security update
ruby 2.5.9-110 - Fix FTBFS due to an incompatible load directive. - Fix a fiddle import test on an optimized glibc on Power 9. - Fix by adding length limit option for methods that parse date strings. Resolves: CVE-2021-41817 - CGI::Cookie.parse no longer decodes cookie names to prevent spoofing...
Mageia: Security Advisory (MGASA-2017-0290)
The remote host is missing an update for the...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2017-1050)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2019-1617)
The remote host is missing an update for the Huawei EulerOS...
Arbitrary Code Execution
Ruby is vulnerable to arbitrary code execution attacks. A context-dependent attacker could exploit a flaw in the Fiddle::Handle implementation in ext/fiddle/handle.c to cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library...