
5 matches found

Tenable Nessus
added 2022/08/04 12:0 a.m. | 44 views

Oracle Linux 8 : ruby:2.5 (ELSA-2022-5779)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5779 advisory. - Fix by adding length limit option for methods that parses date strings. Resolves: CVE-2021-41817 Tenable has extracted the preceding description bloc...

CVSS 7.5 | AI score 7.3 | EPSS 0.03222
Exploits: 2 | References: 3
Tenable Nessus
added 2022/04/20 12:0 a.m. | 24 views

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2022-1496)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...

CVSS 7.5 | AI score 7.3 | EPSS 0.02931
Exploits: 1 | References: 2
OSV
added 2022/01/21 11:22 p.m. | 29 views

GHSA-4VF4-QMVG-MH7H Cookie Prefix Spoofing in CGI::Cookie.parse

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem prior to versions 0.3.1, 0.2.1, 0.1.1, and 0.1.0.1 for Ruby...

CVSS 7.5 | AI score 7.7 | EPSS 0.02931
Exploits: 1 | References: 11
Tenable Nessus
added 2021/12/28 12:0 a.m. | 32 views

Debian DLA-2853-1 : ruby2.3 - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2853 advisory. - Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2...

CVSS 7.5 | AI score 7.2 | EPSS 0.03222
Exploits: 2 | References: 7
Cvelist
added 2021/03/18 3:5 p.m. | 11 views

CVE-2021-28794

The unofficial ShellCheck extension before 0.13.4 for Visual Studio Code mishandles shellcheck.executablePath...

AI score 9.8 | EPSS 0.02109
Exploits: 0 | References: 3