97 matches found

Tenable Nessus
added 2026/05/22 12:00 a.m., 4 views

Unity Linux 20.1060e / 20.1070e Security Update: rubygem-kramdown (UTSA-2026-016633)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016633 advisory. Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated. Tenable has extracted th...

CVSS 9.8, AI score 7.4, EPSS 0.0259
Exploits 1, References 4

Tenable Nessus
added 2026/05/22 12:00 a.m., 5 views

Unity Linux 20.1060e / 20.1070e Security Update: rubygem-kramdown (UTSA-2026-016646)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016646 advisory. The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as...

CVSS 9.8, AI score 7.4, EPSS 0.07509
Exploits 0, References 4

AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in ruby-kramdown

Before version 2.3.1, Kramdown did not restrict Rouge formatters to the Rouge::Formatters namespace, allowing arbitrary classes to be instantiated...

CVSS 9.8, AI score 7.4, EPSS 0.0259
Exploits 1, References 1

OSV
added 2026/03/13 12:00 a.m., 1 view

OPENSUSE-SU-2026:10352-1 ruby4.0-rubygem-kramdown-2.4.0-1.17 on GA media

These are all security issues fixed in the ruby4.0-rubygem-kramdown-2.4.0-1.17 package on the GA media of openSUSE Tumbleweed...

CVSS 9.8, AI score 5.8, EPSS 0.07509
Exploits 1, References 2

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2021-0603

Malware in sbrugna...

CVSS 9.8, AI score 9.2, EPSS 0.0259
Exploits 1, References 17

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-0635

Malware in sbrugna...

CVSS 9.8, AI score 9.2, EPSS 0.07509
Exploits 0, References 24

Tenable Nessus
added 2025/08/24 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2020-14001

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as...

CVSS 9.8, AI score 8.2, EPSS 0.07509
Exploits 0, References 2

OPENSUSE Linux
added 2025/05/18 12:00 a.m., 4 views

ruby3.4-rubygem-kramdown-2.4.0-1.15 on GA media (moderate)

ruby3.4-rubygem-kramdown-2.4.0-1.15 on GA media. Announcement ID: openSUSE-SU-2025:15119-1; Rating: moderate; Cross-References: CVE-2020-14001, CVE-2021-28834; CVSS scores: CVE-2020-14001 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L; CVE-2021-28834 (SUSE): 9.8...

CVSS 9.8, AI score 7.6, EPSS 0.07509
Exploits 1

OSV
added 2025/05/17 12:00 a.m., 1 view

OPENSUSE-SU-2025:15119-1 ruby3.4-rubygem-kramdown-2.4.0-1.15 on GA media

These are all security issues fixed in the ruby3.4-rubygem-kramdown-2.4.0-1.15 package on the GA media of openSUSE Tumbleweed...

CVSS 9.8, AI score 9.9, EPSS 0.07509
Exploits 1, References 3

OSV
added 2024/07/12 12:00 a.m., 5 views

OPENSUSE-SU-2024:14170-1 ruby3.3-rubygem-kramdown-2.4.0-1.12 on GA media

These are all security issues fixed in the ruby3.3-rubygem-kramdown-2.4.0-1.12 package on the GA media of openSUSE Tumbleweed...

CVSS 9.8, AI score 9.5, EPSS 0.07509
Exploits 1, References 2

OSV
added 2024/06/15 12:00 a.m., 4 views

OPENSUSE-SU-2024:12038-1 ruby3.1-rubygem-kramdown-2.4.0-1.1 on GA media

These are all security issues fixed in the ruby3.1-rubygem-kramdown-2.4.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 9.8, AI score 9.5, EPSS 0.07509
Exploits 1, References 2

OSV
added 2024/06/15 12:00 a.m., 5 views

OPENSUSE-SU-2024:13161-1 ruby3.2-rubygem-kramdown-2.4.0-1.8 on GA media

These are all security issues fixed in the ruby3.2-rubygem-kramdown-2.4.0-1.8 package on the GA media of openSUSE Tumbleweed...

CVSS 9.8, AI score 9.5, EPSS 0.07509
Exploits 1, References 2

OSV
added 2024/06/15 12:00 a.m., 3 views

OPENSUSE-SU-2024:11336-1 ruby2.7-rubygem-kramdown-2.3.1-1.3 on GA media

These are all security issues fixed in the ruby2.7-rubygem-kramdown-2.3.1-1.3 package on the GA media of openSUSE Tumbleweed...

CVSS 9.8, AI score 9.6, EPSS 0.07509
Exploits 1, References 2

OpenVAS
added 2023/10/11 12:00 a.m., 13 views

Ubuntu: Security Advisory (USN-6424-1)

The remote host is missing an update for the...

CVSS 9.8, AI score 9.6, EPSS 0.0259
Exploits 1, References 2

OSV
added 2023/10/10 4:39 a.m., 1 view

USN-6424-1 ruby-kramdown vulnerability

It was discovered that kramdown did not restrict Rouge formatters to the correct namespace. An attacker could use this issue to cause kramdown to execute arbitrary code...

CVSS 9.8, AI score 5.9, EPSS 0.0259
Exploits 1, References 2

Ubuntu
added 2023/10/10 4:39 a.m., 44 views

USN-6424-1: kramdown vulnerability

It was discovered that kramdown did not restrict Rouge formatters to the correct namespace. An attacker could use this issue to cause kramdown to execute arbitrary code...

CVSS 9.8, AI score 8.4, EPSS 0.0259
Exploits 1

Tenable Nessus
added 2023/10/10 12:00 a.m., 16 views

Ubuntu 20.04 LTS : kramdown vulnerability (USN-6424-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6424-1 advisory. It was discovered that kramdown did not restrict Rouge formatters to the correct namespace. An attacker could use this issue to cause kramdown to execute arbitrar...

CVSS 9.8, AI score 8.6, EPSS 0.0259
Exploits 1, References 2

SUSE CVE
added 2023/02/15 3:58 a.m., 1 view

SUSE CVE-2020-14001

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...

CVSS 7.3, AI score 7.5, EPSS 0.07509
Exploits 0, References 5

SUSE CVE
added 2023/02/15 3:43 a.m., 1 view

SUSE CVE-2021-28834

Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated...

CVSS 9.8, AI score 9.3, EPSS 0.0259
Exploits 1, References 4

Tenable Nessus
added 2022/09/13 12:00 a.m., 22 views

SUSE SLES15 Security Update : rubygem-kramdown (SUSE-SU-2022:3259-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:3259-1 advisory. - The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read...

CVSS 9.8, AI score 8.3, EPSS 0.07509
Exploits 0, References 4