Unity Linux 20.1060e / 20.1070e Security Update: rubygem-websocket-extensions (UTSA-2026-016659)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016659 advisory. websocket-extensions ruby module prior to 0.1.5 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a head...

Moderate: Red Hat Security Advisory: ruby:3.3 security update

An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Moderate: Red Hat Security Advisory: ruby:2.5 security update

An update for the ruby:2.5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

SUSE CVE-2020-7663

websocket-extensions ruby module prior to 0.1.5 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...

ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host

Ruby's Net::FTP module trusted the IP address included in the FTP server's response to the PASV command. A malicious FTP server could use this to make Ruby applications using the Net::FTP module to connect to arbitrary hosts and use this to perform port scanning or information extraction from...

ALEA-2021:4282 new module: ruby:3.0

This enhancement update adds the ruby:3.0 module to AlmaLinux BZ1938942 For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

CVE-2020-7663

A flaw was found in the websocket-extensions ruby module in versions prior to 0.1.5. The parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and another character. When abused by an...

DEBIAN-CVE-2020-7663

websocket-extensions ruby module prior to 0.1.5 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...

CVE-2020-7663

websocket-extensions ruby module prior to 0.1.5 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...

CVE-2020-7663

websocket-extensions ruby module prior to 0.1.5 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...

CVE-2020-7663

websocket-extensions ruby module prior to 0.1.5 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...

CVE-2020-7663

The CVE-2020-7663 issue affects the ruby-websocket-extensions library (prior to 0.1.5). The parser can take quadratic time when processing a Sec-WebSocket-Extensions header containing an unclosed string parameter value with a repeating two‑byte sequence (backslash and a character), enabling Regex...

PT-2020-19691

Name of the Vulnerable Software and Affected Versions websocket-extensions ruby module versions prior to 0.1.5 Description The issue allows for Denial of Service DoS via Regex Backtracking. An attacker can exploit this by providing a malicious payload with the Sec-WebSocket-Extensions header,...

metasploit-framework

This is an exploit module for the Metasploit Framework, a penetration testing tool. The module is designed to exploit a vulnerability in a specific target, but the exact target and vulnerability are not specified in the provided code. The module is written in Ruby and uses the Metasploit framewor...

Fedora Update for rubygem-rubyzip FEDORA-2019-0182d0b304

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] [DLA 167-1] redcloth security update

Package : redcloth Version : 4.2.2-1.1+deb6u1 CVE ID : CVE-2012-6684 Debian Bug : 774748 Kousuke Ebihara discovered that redcloth, a Ruby module used to convert Textile markup to HTML, did not properly sanitize its input. This allowed a remote attacker to perform a cross-site scripting attack by...

CVE-2009-0161

The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10.5 before 10.5.7 misinterprets an unspecified invalid response as a successful OCSP certificate validation, which might allow remote attackers to spoof certificate authentication via a revoked certificate...