79 matches found
CVE-2026-1979
A flaw has been found in mruby up to 3.4.0. This affects the function mrb_vm_exec of the file src/vm.c of the component JMPNOT-to-JMPIF Optimization. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been published and may be used. This...
TencentOS Server 4: needrestart (TSSA-2024:1043)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:1043 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
ROS-20251014-01
The vulnerability of the Rack module interface of the Ruby programming language interpreter is related to the fact that the application does not properly control consumption of internal resources in the "Rack::QueryParser" function. Exploitation of the vulnerability could allow an attacker...
EUVD-2024-43160
Malicious code in bioql PyPI...
EUVD-2022-52519
Malicious code in bioql PyPI...
EUVD-2025-1595
Malicious code in bioql PyPI...
ROS-20250908-11
The vulnerability in the Ruby interpreter is related to the fact that the application does not properly control internal resource consumption when processing DNS packets. Exploitation of the vulnerability could allow an attacker, acting locally to...
The vulnerability of the JSON extension of the Ruby programming language interpreter allows a hacker to trigger a service failure.
The vulnerability of the JSON extension of the Ruby programming language interpreter involves reading data beyond the allowable range of memory. Exploiting this vulnerability could allow a malicious actor to cause a service failure by sending specially crafted data...
The vulnerability of the Ruby interpreter, related to the use of covert timing channels for data transmission, allows an attacker to execute the Marvin attack.
The vulnerability of the Ruby interpreter lies in the use of covert timing channels for data transmission. Exploiting this vulnerability allows a remote attacker to execute the Marvin attack...
ROS-20250326-09
The Ruby interpreter vulnerability is related to a covert timing channel. Exploitation of the vulnerability could allow a remote attacker to gain access to confidential information...
Linux Distros Unpatched Vulnerability : CVE-2025-0306
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted...
ROS-20250203-15
The vulnerability in the Active Support PostgreSQL component of the Ruby interpreter is related to insufficient validation of user input data in Active Support in Inflector.underscore. Exploitation of the vulnerability could allow an attacker acting...
Debian dla-3450 : libruby2.5 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3450 advisory. - Debian LTS Advisory DLA-3450-1...
CVE-2025-0306
A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service...
CLSA-2024-1734028058 Fix CVE(s): CVE-2024-11003, CVE-2024-48990, CVE-2024-48991, CVE-2024-48992
SECURITY UPDATE: Prevent running the Python interpreter with an attacker-controlled PYTHONPATH environment variable - debian/patches/CVE-2024-48990-CVE-2024-48991.patch: do not set PYTHONPATH environment variable to prevent an LPE and prevent race condition on /proc/$PID/exec evaluation -...
Important: Red Hat Security Advisory: ruby:3.1 security update
An update for the ruby:3.1 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Astra Linux – Vulnerability in needrestart
Qualys discovered that needrestart, prior to version 3.8, allowed local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable...
SUSE CVE-2024-48992
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable...
DEBIAN-CVE-2024-48992
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable...
CVE-2024-48992
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable...