Lucene search
+L

215 matches found

nessus
nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-1185

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to...

6.5CVSS7AI score0.01277EPSS
Exploits0References2
nessus
nessus
added 2025/07/25 12:0 a.m.3 views

NewStart CGSL MAIN 7.02 : ruby Multiple Vulnerabilities (NS-SA-2025-0116)

The remote NewStart CGSL host, running version MAIN 7.02, has ruby packages installed that are affected by multiple vulnerabilities: - A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increa...

5.3CVSS8.4AI score0.02637EPSS
Exploits0References5
ibm
ibm
added 2025/06/20 6:47 a.m.8 views

Security Bulletin: IBM Cloud Pak for Data Object Injection due to YAML Parsing in RDoc gem (CVE-2024-27281)

Summary Potential vulnerabilities in rdoc module CVE-2024-27281 has been identified that may affect IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-27281 DESCRIPTION: An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in...

4.5CVSS8.5AI score0.01571EPSS
Exploits0Affected Software1
redhatcve
redhatcve
added 2025/05/22 10:5 p.m.9 views

CVE-2022-1185

A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a maliciously crafted RDoc file...

6.5CVSS6.3AI score0.01277EPSS
Exploits0References1
ubuntu
ubuntu
added 2025/02/10 5:54 p.m.9 views

USN-6838-2: Ruby vulnerability

USN-6838-1 fixed CVE-2024-27281 in Ruby 2.7, Ruby 3.0, Ruby 3.1, and Ruby 3.2. This update provides the corresponding updates for Ruby 2.3 and Ruby 2.5. Original advisory details: It was discovered that Ruby RDoc incorrectly parsed certain YAML files. If a user or automated system were tricked in...

4.5CVSS7.5AI score0.01571EPSS
Exploits0
osv
osv
added 2025/02/10 5:54 p.m.11 views

USN-6838-2 ruby2.3, ruby2.5 vulnerability

USN-6838-1 fixed CVE-2024-27281 in Ruby 2.7, Ruby 3.0, Ruby 3.1, and Ruby 3.2. This update provides the corresponding updates for Ruby 2.3 and Ruby 2.5. Original advisory details: It was discovered that Ruby RDoc incorrectly parsed certain YAML files. If a user or automated system were tricked in...

4.5CVSS7AI score0.01571EPSS
Exploits0References2
nessus
nessus
added 2025/02/10 12:0 a.m.13 views

Azure Linux 3.0 Security Update: ruby (CVE-2024-27281)

The version of ruby installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27281 advisory. - An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing...

4.5CVSS7.7AI score0.01571EPSS
Exploits0References2
nessus
nessus
added 2024/10/08 12:0 a.m.102 views

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20230302.102001)

The version of AHV installed on the remote host is prior to 20230302.102005. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20230302.102001 advisory. - squashfsopendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability...

9.8CVSS7.1AI score0.99995EPSS
Exploits27References30
amazon
amazon
added 2024/09/18 12:0 a.m.8 views

Medium: ruby

Issue Overview: ruby: RCE vulnerability with .rdocoptions in RDoc CVE-2024-27281 Affected Packages: ruby Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update...

4.5CVSS7AI score0.01571EPSS
Exploits0
osv
osv
added 2024/09/15 8:40 p.m.26 views

RHSA-2013:0701 Red Hat Security Advisory: ruby193-ruby, rubygem-json and rubygem-rdoc security update

Bulletin has no description...

5.4CVSS6.7AI score0.13911EPSS
Exploits0References13
nessus
nessus
added 2024/08/21 12:0 a.m.34 views

CBL Mariner 2.0 Security Update: ruby (CVE-2024-27281)

The version of ruby installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27281 advisory. - An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing...

4.5CVSS7.7AI score0.01571EPSS
Exploits0References2
amazon
amazon
added 2024/08/19 12:0 a.m.10 views

Medium: ruby3.2

Issue Overview: ruby: RCE vulnerability with .rdocoptions in RDoc CVE-2024-27281 ruby: Arbitrary memory address read vulnerability with Regex search CVE-2024-27282 Affected Packages: ruby3.2 Issue Correction: Run dnf update ruby3.2 --releasever 2023.5.20240819 or dnf update --advisory...

6.6CVSS6.8AI score0.01571EPSS
Exploits0
cloudfoundry
cloudfoundry
added 2024/07/25 12:0 a.m.39 views

USN-6838-1: Ruby vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that Ruby RDoc incorrectly parsed certain YAML files. If a user or automated system were tricked into parsing a specially crafted .rdocoptions file, a remote attacker could possibly use...

6.6CVSS8.2AI score0.01571EPSS
Exploits0Affected Software2
openvas
openvas
added 2024/07/16 12:0 a.m.30 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2024-1921)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.7AI score0.02364EPSS
Exploits0References2
openvas
openvas
added 2024/07/16 12:0 a.m.22 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2024-1897)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.7AI score0.02364EPSS
Exploits0References2
nessus
nessus
added 2024/07/15 12:0 a.m.25 views

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2024-1897)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and unge...

9.8CVSS7.8AI score0.02364EPSS
Exploits0References3
nessus
nessus
added 2024/07/15 12:0 a.m.23 views

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2024-1921)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and unge...

9.8CVSS7.8AI score0.02364EPSS
Exploits0References3
redhat
redhat
added 2024/07/11 11:55 a.m.7 views

ruby: RCE vulnerability with .rdoc_options in RDoc

A flaw was found in Rubygem RDoc. When parsing .rdocoptions used for configuration in RDoc as a YAML file there are no restrictions on the classes that can be restored. This issue may lead to object injection, resulting in remote code execution...

4.5CVSS7.6AI score0.01571EPSS
Exploits0References5
amazon
amazon
added 2024/06/24 12:0 a.m.4 views

Medium: ruby

Issue Overview: ruby: RCE vulnerability with .rdocoptions in RDoc CVE-2024-27281 Affected Packages: ruby Note: This advisory is applicable to Amazon Linux 2 - Ruby3.0 Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and...

4.5CVSS7AI score0.01571EPSS
Exploits0
gentoo
gentoo
added 2024/06/22 12:0 a.m.22 views

RDoc: Remote Code Execution

Background RDoc produces HTML and command-line documentation for Ruby projects. Description A vulnerability has been discovered in RDoc. Please review the CVE identifier referenced below for details. Impact When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection...

4.5CVSS8.3AI score0.01571EPSS
Exploits0
Rows per page
Query Builder