Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in aws-sdk-s3-1.199.0.gem

Summary IBM Watson Discovery Cartridge affected by vulnerability in aws-sdk-s3-1.199.0.gem Vulnerability Details CVEID:CVE-2025-14762 DESCRIPTION: Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts ...

Linux Distros Unpatched Vulnerability : CVE-2025-14762

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to differe...

CVE-2025-14762

Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue,...

PT-2025-28418 · Ruby +1 · Resolve +2

Name of the Vulnerable Software and Affected Versions: Ruby affected versions not specified Description: The issue is related to a possible Denial of Service in the resolv gem. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents...

BIT-GITLAB-2025-25292 Ruby SAML vulnerable to SAML authentication bypass due to namespace handling (parser differential)

ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely...

CVE-2025-27788 Ruby JSON Parser has Out-of-bounds Read

JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions prior to 2.10.0 are not vulnerable. Version 2.10.2 fixes the problem. No known workarounds are...

CVE-2025-27220 vulnerabilities

Vulnerabilities for packages: logstash, ruby, elasticsearch, jruby...

CVE-2025-27221

In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URImerge, URI+ have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host...

CVE-2025-27220

In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service ReDoS vulnerability exists in the UtilescapeElement method...

SUSE-SU-2025:0736-1 Security update for ruby2.5

This update for ruby2.5 fixes the following issues: - CVE-2024-47220: Fixed a HTTP request smuggling attack in WEBrick bsc1230930 - CVE-2024-49761: Fixed a ReDoS vulnerability in ruby rexml bsc1232440 Other fixes: - ruby/uri Fix quadratic backtracking on invalid relative URI - ruby/time Make...

BIT-RUBY-MIN-2020-25613

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...

BIT-RUBY-MIN-2021-28966

In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir...

BIT-RUBY-MIN-2023-28756

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2...

OPENSUSE-SU-2025:14678-1 ruby3.4-rubygem-activesupport-8.0-8.0.1-1.1 on GA media

These are all security issues fixed in the ruby3.4-rubygem-activesupport-8.0-8.0.1-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2025:14680-1 ruby3.4-rubygem-railties-8.0-8.0.1-1.1 on GA media

These are all security issues fixed in the ruby3.4-rubygem-railties-8.0-8.0.1-1.1 package on the GA media of openSUSE Tumbleweed...

RHSA-2024:11001 Red Hat Security Advisory: ruby:2.5 security update

Bulletin has no description...

RHSA-2008:0897 Red Hat Security Advisory: ruby security update

Bulletin has no description...

CVE-2023-28755 vulnerabilities

Vulnerabilities for packages: ruby...

OPENSUSE-SU-2021:0607-1 Security update for ruby2.5

This update for ruby2.5 fixes the following issues: - Update to 2.5.9 - CVE-2021-28965: XML round-trip vulnerability in REXML bsc1184644 This update was imported from the SUSE:SLE-15:Update update project...

CVE-2019-16254

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients...