684 matches found
ruby3.4-rubygem-multi_xml-0.6.0-1.29 on GA media (moderate)
ruby3.4-rubygem-multi_xml-0.6.0-1.29 on GA media Announcement ID: openSUSE-SU-2025:15122-1 Rating: moderate Cross-References: CVE-2013-0175 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...
ruby3.4-rubygem-globalid-1.2.1-1.7 on GA media (moderate)
ruby3.4-rubygem-globalid-1.2.1-1.7 on GA media Announcement ID: openSUSE-SU-2025:15116-1 Rating: moderate Cross-References: CVE-2023-22799 CVSS scores: CVE-2023-22799 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Tumbleweed An update that solves one...
ruby3.4-rubygem-activestorage-7.0-7.0.8.6-1.3 on GA media (moderate)
ruby3.4-rubygem-activestorage-7.0-7.0.8.6-1.3 on GA media Announcement ID: openSUSE-SU-2025:15113-1 Rating: moderate Cross-References: CVE-2022-21831 CVSS scores: CVE-2022-21831 SUSE : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Tumbleweed An update that solves on...
ruby3.4-rubygem-puma-6.4.3-1.3 on GA media (moderate)
ruby3.4-rubygem-puma-6.4.3-1.3 on GA media Announcement ID: openSUSE-SU-2025:15123-1 Rating: moderate Cross-References: CVE-2019-16770 CVE-2020-11076 CVE-2022-23634 CVE-2024-45614 CVSS scores: CVE-2019-16770 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-11076 SUSE : 6.8...
ruby3.4-rubygem-jquery-rails-4.6.0-1.7 on GA media (moderate)
ruby3.4-rubygem-jquery-rails-4.6.0-1.7 on GA media Announcement ID: openSUSE-SU-2025:15117-1 Rating: moderate Cross-References: CVE-2015-1840 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in th...
ruby3.4-rubygem-loofah-2.23.1-1.3 on GA media (moderate)
ruby3.4-rubygem-loofah-2.23.1-1.3 on GA media Announcement ID: openSUSE-SU-2025:15120-1 Rating: moderate Cross-References: CVE-2018-16468 CVE-2018-8048 CVE-2019-15587 CVE-2022-23514 CVE-2022-23515 CVE-2022-23516 CVSS scores: CVE-2018-16468 SUSE : 6.4 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L...
OPENSUSE-SU-2025:15111-1 ruby3.4-rubygem-actiontext-7.0-7.0.8.6-1.3 on GA media
These are all security issues fixed in the ruby3.4-rubygem-actiontext-7.0-7.0.8.6-1.3 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15115-1 ruby3.4-rubygem-fluentd-1.17.1-1.3 on GA media
These are all security issues fixed in the ruby3.4-rubygem-fluentd-1.17.1-1.3 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15116-1 ruby3.4-rubygem-globalid-1.2.1-1.7 on GA media
These are all security issues fixed in the ruby3.4-rubygem-globalid-1.2.1-1.7 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15124-1 ruby3.4-rubygem-rails-7.0-7.0.8.6-1.3 on GA media
These are all security issues fixed in the ruby3.4-rubygem-rails-7.0-7.0.8.6-1.3 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15112-1 ruby3.4-rubygem-activerecord-7.0-7.0.8.6-1.3 on GA media
These are all security issues fixed in the ruby3.4-rubygem-activerecord-7.0-7.0.8.6-1.3 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15109-1 ruby3.4-rubygem-actionmailer-7.0-7.0.8.6-1.3 on GA media
These are all security issues fixed in the ruby3.4-rubygem-actionmailer-7.0-7.0.8.6-1.3 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15121-1 ruby3.4-rubygem-minitar-0.9-1.19 on GA media
These are all security issues fixed in the ruby3.4-rubygem-minitar-0.9-1.19 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15130-1 ruby3.4-rubygem-websocket-extensions-0.1.5-1.22 on GA media
These are all security issues fixed in the ruby3.4-rubygem-websocket-extensions-0.1.5-1.22 package on the GA media of openSUSE Tumbleweed...
rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser
A flaw was found in Rack::QueryParser. This vulnerability allows denial of service via oversized HTTP requests containing many parameters, resulting in memory exhaustion that consumes all available memory or CPU resource pinning, which keeps the CPU constantly busy...
ruby3.4-rubygem-rack-2.2-2.2.14-1.1 on GA media (moderate)
ruby3.4-rubygem-rack-2.2-2.2.14-1.1 on GA media Announcement ID: openSUSE-SU-2025:15067-1 Rating: moderate Cross-References: CVE-2025-46727 CVSS scores: CVE-2025-46727 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-46727 SUSE : 8.7...
uri: userinfo leakage in URI#join, URI#merge and URI#+
A flaw was found in the URI ruby gem package, where userinfo leakage can occur in the uri gem. The methods URI#join, URI#merge, and URI#+ retained userinfo, such as user:password, even after the host is replaced. When generating a URL to a malicious host from a URL containing secret userinfo using...
CVE-2025-43857
Net::IMAP for Ruby is vulnerable to denial of service via memory exhaustion when processing server responses containing a literal byte count. A malicious server can trigger the client’s receiver thread to allocate memory for the indicated size, potentially exhausting memory during any active conn...
CVE-2025-43857 net-imap rubygem vulnerable to possible DoS by memory exhaustion
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is connected, a maliciou...