74 matches found
RHEL 8 : ruby:2.5 (RHSA-2023:7025)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7025 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
Moderate: ruby:2.5 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: Buffer overrun in String-to-Float conversion CVE-2022-28739 ruby...
Rocky Linux 8 : ruby:2.5 (RLSA-2022:5779)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5779 advisory. - Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS regular expression Denial of Service via a long string. The fixed versions are 3.2.1,...
Rocky Linux 8 : ruby:2.5 (RLSA-2022:0672)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0672 advisory. - In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename...
Rocky Linux 8 : ruby:2.5 (RLSA-2022:0545)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:0545 advisory. - Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue...
AlmaLinux 8 : ruby:2.5 (5779) (ALSA-2022:5779)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:5779 advisory. ruby: Regular expression denial of service vulnerability of Date parsing methods CVE-2021-41817 ruby: Cookie prefix spoofing in CGI::Cookie.parse...
CentOS 8 : ruby:2.5 (CESA-2022:5779)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:5779 advisory. - ruby: Regular expression denial of service vulnerability of Date parsing methods CVE-2021-41817 - ruby: Cookie prefix spoofing in CGI::Cookie.parse...
RHEL 8 : ruby:2.5 (RHSA-2022:5779)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5779 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
GHSA-MC6J-H948-V2P6 RubyGems Improper Verification of Cryptographic Signature vulnerability
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, and Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contain an Improper Verification of Cryptographic Signature vulnerability in package.rb. This can resu...
GHSA-GV86-43RV-79M2 RubyGems Improper Input Validation vulnerability
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can...
RubyGems Cross-site Scripting vulnerability
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting XSS vulnerability in gem server display of homepage attribute that can...
RubyGems Improper Verification of Cryptographic Signature vulnerability
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, and Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contain an Improper Verification of Cryptographic Signature vulnerability in package.rb. This can resu...
RubyGems Cross-site Scripting vulnerability
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting XSS vulnerability in gem server display of homepage attribute that can...
GHSA-74PV-V9GH-H25P RubyGems Infinite Loop vulnerability
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can...
RubyGems Infinite Loop vulnerability
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can...
RubyGems Infinite Loop vulnerability
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can...
AlmaLinux 8 : ruby:2.5 (ALSA-2022:0672)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:0672 advisory. rubygem-rdoc: Command injection vulnerability in RDoc CVE-2021-31799 ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host...
AlmaLinux 8 : ruby:2.5 (ALSA-2022:0545)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:0545 advisory. rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source CVE-2020-36327 Tenable has extracted the preceding description...
Oracle Linux 8 : ELSA-2022-0672-1: / ruby:2.5 (ELSA-2022-06721)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-06721 advisory. - Properly fix command injection vulnerability in Rdoc. Related: CVE-2021-31799 - Fix command injection vulnerability in RDoc. Resolves: CVE-2021-3179...
Oracle Linux 8 : ruby:2.5 (ELSA-2022-0672)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-0672 advisory. - Properly fix command injection vulnerability in Rdoc. Related: CVE-2021-31799 - Fix command injection vulnerability in RDoc. Resolves: CVE-2021-31799...