GHSA-6F62-3596-G6W7 vulnerabilities
Vulnerabilities for packages: ruby3.1-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset, ruby3.2-webrick, kube-fluentd-operator, ruby3.2-fluentd-kubernetes-daemonset, ruby3.3-fluentd-kubernetes-daemonset...
CVE-2024-43398 vulnerabilities
Vulnerabilities for packages: ruby3.1-fluentd-kubernetes-daemonset, jruby, ruby3.4-fluentd-kubernetes-daemonset, ruby, ruby3.2-rexml, kube-fluentd-operator, ruby3.2-fluentd-kubernetes-daemonset, ruby3.3-fluentd-kubernetes-daemonset...
GHSA-5866-49GR-22V4 vulnerabilities
Vulnerabilities for packages: ruby3.1-fluentd-kubernetes-daemonset, jruby, ruby3.4-fluentd-kubernetes-daemonset, ruby, kube-fluentd-operator, ruby3.2-fluentd-kubernetes-daemonset, ruby3.3-fluentd-kubernetes-daemonset...
CVE-2024-41123 vulnerabilities
Vulnerabilities for packages: ruby3.1-fluentd-kubernetes-daemonset, jruby, ruby3.4-fluentd-kubernetes-daemonset, ruby, kube-fluentd-operator, ruby3.2-fluentd-kubernetes-daemonset, ruby3.3-fluentd-kubernetes-daemonset...
GHSA-4XQQ-M2HX-25V8 vulnerabilities
Vulnerabilities for packages: ruby3.1-fluentd-kubernetes-daemonset, jruby, ruby3.4-fluentd-kubernetes-daemonset, ruby, ruby3.2-rexml, kube-fluentd-operator, ruby3.2-fluentd-kubernetes-daemonset, ruby3.3-fluentd-kubernetes-daemonset...
AZL-45435 CVE-2024-39908 affecting package ruby for versions less than 3.1.7-1
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as . If you need to parse untrusted XMLs, you may be impacted by these vulnerabilities. The REXML gem 3.3.2 or later includes the patches to fix...
MGASA-2024-0160 Updated ruby packages fix security vulnerabilities
Buffer overread vulnerability in StringIO (CVE-2024-27280). RCE vulnerability with .rdocoptions in RDoc (CVE-2024-27281). Arbitrary memory address read vulnerability with Regex search (CVE-2024-27282)...
Moderate Photon OS Security Update - PHSA-2024-5.0-0259
Updates of 'ruby' packages of Photon OS have been released...
[slackware-security] ruby
New ruby packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/ruby-3.0.7-i586-1slack15.0.txz: Upgraded. This update fixes security issues: Arbitrary memory address read vulnerability with Regex...
Oracle Linux 8 : ruby:3.1 (ELSA-2024-1431)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1431 advisory. ruby 3.1.4-142 - Upgrade to Ruby 3.1.4. Resolves: RHEL-28565 - Fix HTTP response splitting in CGI. Resolves: RHEL-28564 - Fix ReDoS vulnerability in UR...
Important Photon OS Security Update - PHSA-2024-5.0-0221
Updates of 'ruby' packages of Photon OS have been released...
EulerOS 2.0 SP9 : ruby (EulerOS-SA-2023-2341)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific...
MGASA-2022-0454 Updated ruby packages fix security vulnerability
If an application generates HTTP responses using the cgi gem with untrusted user input, an attacker can exploit it to inject a malicious HTTP response header and/or body. Also, the contents for a CGI::Cookie object were not checked properly. If an application creates a CGI::Cookie object bas...
MGASA-2022-0200 Updated ruby-nokogiri packages fix security vulnerability
Nokogiri did not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a...
MGASA-2022-0143 Updated ruby packages fix security vulnerability
Double free in Regexp compilation (CVE-2022-28738). A buffer overrun was found in String-to-Float conversion (CVE-2022-28739)...
MGASA-2022-0102 Updated ruby packages fix security vulnerability
Command injection in ruby bundler (CVE-2021-43809)...
Updated ruby packages fix security vulnerability
Command injection in ruby bundler (CVE-2021-43809)...
MGASA-2021-0579 Updated ruby packages fix security vulnerability
Bundler sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application...
EulerOS 2.0 SP3 : ruby (EulerOS-SA-2021-2614)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fai...
Moderate Photon OS Security Update - PHSA-2021-0096
Updates of 'ruby' packages of Photon OS have been released...