Lucene search

684 matches found

Amazon | added 2025/04/01 12:00 a.m. | 4 views

Medium: ruby3.2

Issue Overview: REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s in an attribute value. Those who need to parse untrusted XMLs may be impacted by this vulnerability. The REXML gem 3.2.7 or later include the...

CVSS 7.5 | AI score 8.9 | EPSS 0.08428 | Exploits: 1
OPENSUSE Linux | added 2025/03/07 12:00 a.m. | 5 views

ruby3.4-rubygem-rack-2.2-2.2.12-1.1 on GA media (moderate)

ruby3.4-rubygem-rack-2.2-2.2.12-1.1 on GA media Announcement ID: openSUSE-SU-2025:14859-1 Rating: moderate Cross-References: CVE-2025-27111 CVSS scores: CVE-2025-27111 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2025-27111 SUSE : 6.9...

CVSS 6.9 | AI score 6.6 | EPSS 0.00668 | Exploits: 0
OSSF Malicious Packages | added 2025/03/06 7:08 p.m. | 3 views

Malicious code in evil_gem (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e1cbacc9bc6d36bcde7b6cb93df89df1fae5c8f70a841dc916a8ba6cdad2ff95 The OpenSSF Package Analysis project identified 'evil_gem' @ 0.1.0 rubygems as malicious. It is considered malicious because: - The package...

AI score 7.1 | Exploits: 0
Tenable Nessus | added 2025/03/05 12:00 a.m. | 10 views

Linux Distros Unpatched Vulnerability : CVE-2021-39880

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Denial Of Service vulnerability in the apollo_upload_server Ruby gem in GitLab CE/EE all versions starting from 11.9 before 14.0.9, all versions starting from...

CVSS 6.5 | AI score 6.4 | EPSS 0.00386 | Exploits: 0 | References: 3
Tenable Nessus | added 2025/03/04 12:00 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2017-16516

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the...

CVSS 7.5 | AI score 7 | EPSS 0.01684 | Exploits: 1 | References: 3
Tenable Nessus | added 2025/03/04 12:00 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2015-9284

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The request phase of the OmniAuth Ruby gem 1.9.1 and earlier is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework,...

CVSS 8.8 | AI score 7.3 | EPSS 0.00425 | Exploits: 0 | References: 3
Tenable Nessus | added 2025/03/03 12:00 a.m. | 7 views

CBL Mariner 2.0 Security Update: ruby / rubygem-rexml (CVE-2024-39908)

The version of ruby / rubygem-rexml installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-39908 advisory. - REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when...

CVSS 4.3 | AI score 7 | EPSS 0.08032 | Exploits: 0 | References: 2
Vulnrichment | added 2025/03/03 12:00 a.m. | 10 views

CVE-2025-27220

In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method...

CVSS 4 | AI score 4.1 | EPSS 0.00246 | Exploits: 0 | References: 2
SUSE CVE | added 2025/02/27 2:56 a.m. | 2 views

SUSE CVE-2025-27220

In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method...

CVSS 5.3 | AI score 7 | EPSS 0.00246 | Exploits: 0 | References: 8
OSV | added 2025/02/21 1:35 p.m. | 2 views

OESA-2025-1156 yajl security update

yajl is a small event-driven JSON parser written in ANSI C, and a small validating JSON generator. Security Fixes: In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in...

CVSS 7.5 | AI score 6.8 | EPSS 0.01684 | Exploits: 1 | References: 2
RedhatCVE | added 2025/02/14 4:40 a.m. | 8 views

CVE-2024-36078

In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with world-writable file permissions. This allowed a local attacker on the server to modify the gem's files, injecting arbitrary code into Zammad processes which run with the environment and permissions of the Zammad user...

CVSS 6.7 | AI score 7 | EPSS 0.0009 | Exploits: 0 | References: 1
Tenable Nessus | added 2025/02/10 12:00 a.m. | 5 views

Azure Linux 3.0 Security Update: ruby / rubygem-rexml (CVE-2024-35176)

The version of ruby / rubygem-rexml installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-35176 advisory. - REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service...

CVSS 5.3 | AI score 7.1 | EPSS 0.08428 | Exploits: 1 | References: 2
OPENSUSE Linux | added 2025/01/22 12:00 a.m. | 2 views

ruby3.4-rubygem-actiontext-8.0-8.0.1-1.1 on GA media (moderate)

ruby3.4-rubygem-actiontext-8.0-8.0.1-1.1 on GA media Announcement ID: openSUSE-SU-2025:14672-1 Rating: moderate Cross-References: CVE-2024-54133 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in...

CVSS 2.3 | AI score 6.3 | EPSS 0.0019 | Exploits: 0
OPENSUSE Linux | added 2025/01/22 12:00 a.m. | 3 views

ruby3.4-rubygem-activejob-8.0-8.0.1-1.1 on GA media (moderate)

ruby3.4-rubygem-activejob-8.0-8.0.1-1.1 on GA media Announcement ID: openSUSE-SU-2025:14674-1 Rating: moderate Cross-References: CVE-2024-54133 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in...

CVSS 2.3 | AI score 6.3 | EPSS 0.0019 | Exploits: 0
OPENSUSE Linux | added 2025/01/22 12:00 a.m. | 3 views

ruby3.4-rubygem-actionview-8.0-8.0.1-1.1 on GA media (moderate)

ruby3.4-rubygem-actionview-8.0-8.0.1-1.1 on GA media Announcement ID: openSUSE-SU-2025:14673-1 Rating: moderate Cross-References: CVE-2024-54133 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in...

CVSS 2.3 | AI score 6.3 | EPSS 0.0019 | Exploits: 0
OPENSUSE Linux | added 2025/01/22 12:00 a.m. | 3 views

ruby3.4-rubygem-activerecord-8.0-8.0.1-1.1 on GA media (moderate)

ruby3.4-rubygem-activerecord-8.0-8.0.1-1.1 on GA media Announcement ID: openSUSE-SU-2025:14676-1 Rating: moderate Cross-References: CVE-2024-54133 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed...

CVSS 2.3 | AI score 6.3 | EPSS 0.0019 | Exploits: 0
OSV | added 2025/01/21 12:00 a.m. | 4 views

OPENSUSE-SU-2025:14674-1 ruby3.4-rubygem-activejob-8.0-8.0.1-1.1 on GA media

These are all security issues fixed in the ruby3.4-rubygem-activejob-8.0-8.0.1-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 2.3 | AI score 6.2 | EPSS 0.0019 | Exploits: 0 | References: 2
OSV | added 2025/01/21 12:00 a.m. | 4 views

OPENSUSE-SU-2025:14669-1 ruby3.4-rubygem-actionmailbox-8.0-8.0.1-1.1 on GA media

These are all security issues fixed in the ruby3.4-rubygem-actionmailbox-8.0-8.0.1-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 2.3 | AI score 6.2 | EPSS 0.0019 | Exploits: 0 | References: 1
OSV | added 2025/01/21 12:00 a.m. | 5 views

OPENSUSE-SU-2025:14676-1 ruby3.4-rubygem-activerecord-8.0-8.0.1-1.1 on GA media

These are all security issues fixed in the ruby3.4-rubygem-activerecord-8.0-8.0.1-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 2.3 | AI score 6.2 | EPSS 0.0019 | Exploits: 0 | References: 2
OSV | added 2025/01/21 12:00 a.m. | 7 views

OPENSUSE-SU-2025:14679-1 ruby3.4-rubygem-rails-8.0-8.0.1-1.1 on GA media

These are all security issues fixed in the ruby3.4-rubygem-rails-8.0-8.0.1-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 2.3 | AI score 6.2 | EPSS 0.0019 | Exploits: 0 | References: 2