74 matches found

Tenable Nessus
added 2023/11/14 12:0 a.m., 51 views

RHEL 8 : ruby:2.5 (RHSA-2023:7025)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7025 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

CVSS 8.8, AI score 7.8, EPSS 0.04127
Exploits 1, References 13

AlmaLinux
added 2023/11/14 12:0 a.m., 97 views

Moderate: ruby:2.5 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: Buffer overrun in String-to-Float conversion CVE-2022-28739 ruby...

CVSS 8.8, AI score 6.7, EPSS 0.04127
Exploits 1, References 10

Tenable Nessus
added 2023/11/07 12:0 a.m., 37 views

Rocky Linux 8 : ruby:2.5 (RLSA-2022:5779)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5779 advisory. - Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS regular expression Denial of Service via a long string. The fixed versions are 3.2.1,...

CVSS 7.5, AI score 7.3, EPSS 0.03222
Exploits 2, References 5

Tenable Nessus
added 2023/11/06 12:0 a.m., 36 views

Rocky Linux 8 : ruby:2.5 (RLSA-2022:0672)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0672 advisory. - In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename...

CVSS 7.4, AI score 7.6, EPSS 0.0305
Exploits 2, References 7

Tenable Nessus
added 2023/11/06 12:0 a.m., 32 views

Rocky Linux 8 : ruby:2.5 (RLSA-2022:0545)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:0545 advisory. - Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue...

CVSS 9.3, AI score 7.1, EPSS 0.06307
Exploits 1, References 3

Tenable Nessus
added 2022/08/10 12:0 a.m., 39 views

AlmaLinux 8 : ruby:2.5 (5779) (ALSA-2022:5779)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:5779 advisory. ruby: Regular expression denial of service vulnerability of Date parsing methods CVE-2021-41817 ruby: Cookie prefix spoofing in CGI::Cookie.parse...

CVSS 7.5, AI score 7.3, EPSS 0.03222
Exploits 2, References 3

Tenable Nessus
added 2022/08/01 12:0 a.m., 47 views

CentOS 8 : ruby:2.5 (CESA-2022:5779)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:5779 advisory. - ruby: Regular expression denial of service vulnerability of Date parsing methods CVE-2021-41817 - ruby: Cookie prefix spoofing in CGI::Cookie.parse...

CVSS 7.5, AI score 7.2, EPSS 0.03222
Exploits 2, References 3

Tenable Nessus
added 2022/08/01 12:0 a.m., 53 views

RHEL 8 : ruby:2.5 (RHSA-2022:5779)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5779 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

CVSS 7.5, AI score 7.2, EPSS 0.03222
Exploits 2, References 7

OSV
added 2022/05/14 1:1 a.m., 36 views

GHSA-MC6J-H948-V2P6 RubyGems Improper Verification of Cryptographic Signature vulnerability

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, and Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contain an Improper Verification of Cryptographic Signature vulnerability in package.rb. This can resu...

CVSS 9.8, AI score 9.2, EPSS 0.03037
Exploits 0, References 21

OSV
added 2022/05/14 1:1 a.m., 23 views

GHSA-GV86-43RV-79M2 RubyGems Improper Input Validation vulnerability

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an Improper Input Validation vulnerability in ruby gems specification homepage attribute that can...

CVSS 5.3, AI score 7, EPSS 0.03825
Exploits 0, References 21

GitHub Security Blog
added 2022/05/14 1:1 a.m., 23 views

RubyGems Cross-site Scripting vulnerability

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting XSS vulnerability in gem server display of homepage attribute that can...

CVSS 6.1, AI score 1.3, EPSS 0.02845
Exploits 0, References 22, Affected Software 2

RubySec
added 2022/05/14 12:0 a.m., 19 views

RubyGems Improper Verification of Cryptographic Signature vulnerability

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, and Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contain an Improper Verification of Cryptographic Signature vulnerability in package.rb. This can resu...

CVSS 9.8, AI score 2.7, EPSS 0.03037
Exploits 0, References 1, Affected Software 1

RubySec
added 2022/05/14 12:0 a.m., 29 views

RubyGems Cross-site Scripting vulnerability

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting XSS vulnerability in gem server display of homepage attribute that can...

CVSS 6.1, AI score 1.3, EPSS 0.02845
Exploits 0, References 1, Affected Software 1

OSV
added 2022/05/13 1:48 a.m., 35 views

GHSA-74PV-V9GH-H25P RubyGems Infinite Loop vulnerability

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an infinite loop caused by negative size vulnerability in ruby gem package tar header that can...

CVSS 7.5, AI score 8.6, EPSS 0.04809
Exploits 0, References 21

GitHub Security Blog
added 2022/05/13 1:48 a.m., 29 views

RubyGems Infinite Loop vulnerability

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an infinite loop caused by negative size vulnerability in ruby gem package tar header that can...

CVSS 7.5, AI score 4, EPSS 0.04809
Exploits 0, References 22, Affected Software 2

RubySec
added 2022/05/13 12:0 a.m., 17 views

RubyGems Infinite Loop vulnerability

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an infinite loop caused by negative size vulnerability in ruby gem package tar header that can...

CVSS 7.5, AI score 4, EPSS 0.04809
Exploits 0, References 1, Affected Software 1

Tenable Nessus
added 2022/03/11 12:0 a.m., 55 views

AlmaLinux 8 : ruby:2.5 (ALSA-2022:0672)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:0672 advisory. rubygem-rdoc: Command injection vulnerability in RDoc CVE-2021-31799 ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host...

CVSS 7.4, AI score 7.3, EPSS 0.0305
Exploits 2, References 4

Tenable Nessus
added 2022/03/11 12:0 a.m., 52 views

AlmaLinux 8 : ruby:2.5 (ALSA-2022:0545)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:0545 advisory. rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source CVE-2020-36327 Tenable has extracted the preceding description...

CVSS 9.3, AI score 7.2, EPSS 0.06307
Exploits 1, References 2

Tenable Nessus
added 2022/03/09 12:0 a.m., 39 views

Oracle Linux 8 : ELSA-2022-0672-1: / ruby:2.5 (ELSA-2022-06721)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-06721 advisory. - Properly fix command injection vulnerability in Rdoc. Related: CVE-2021-31799 - Fix command injection vulnerability in RDoc. Resolves: CVE-2021-3179...

CVSS 7.4, AI score 7.1, EPSS 0.0305
Exploits 2, References 4

Tenable Nessus
added 2022/03/01 12:0 a.m., 29 views

Oracle Linux 8 : ruby:2.5 (ELSA-2022-0672)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-0672 advisory. - Properly fix command injection vulnerability in Rdoc. Related: CVE-2021-31799 - Fix command injection vulnerability in RDoc. Resolves: CVE-2021-31799...

CVSS 7.4, AI score 7.1, EPSS 0.0305
Exploits 2, References 4