Lucene search
K

92 matches found

OSV
OSV
added 2026/07/07 10:9 a.m.8 views

RHSA-2026:36099 Red Hat Security Advisory: ruby:3.3 security update

Bulletin has no description...

7.4CVSS5.9AI score0.00813EPSS
Exploits0References29
RedHat Linux
RedHat Linux
added 2026/07/01 1:59 p.m.6 views

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: ruby3.4: ruby3.4-3.4.8-31.3.hum1 aarch64, x8664 ruby3.4-bundled-gems-3.4.8-31.3.hum1 aarch64, x8664 ruby3.4-default-gems-3.4.8-31.3.hum1 noarch ruby3.4-devel-3.4.8-31.3.hum1 aarch64, x8664...

5.8CVSS5.9AI score0.00239EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.7 views

RHEL 8 : ruby:2.5 (RHSA-2026:33514)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:33514 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

7.6CVSS5.8AI score0.00813EPSS
Exploits0References6
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.8 views

GHSA-475M-PH3X-64GP vulnerabilities

Vulnerabilities for packages: ruby3.3-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset, kube-logging-operator, ruby4.0-fluentd-kubernetes-daemonset...

6.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.14 views

AlmaLinux 8 : ruby:3.3 (ALSA-2026:20614)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:20614 advisory. erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 Tenable has extracted the preceding description block directly from the AlmaLinux...

8.1CVSS6.3AI score0.01131EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/26 7:37 a.m.36 views

Important: Red Hat Security Advisory: ruby:3.3 security update

An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.1CVSS6.2AI score0.01131EPSS
Exploits0References2
OSV
OSV
added 2026/05/26 12:0 a.m.10 views

ALSA-2026:20614 Important: ruby:3.3 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 For more details about the security issues, including...

8.1CVSS6.2AI score0.01131EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/04/24 3:16 a.m.5 views

CVE-2026-41316

ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other public methods th...

8.1CVSS6.2AI score0.01131EPSS
Exploits0References2
OSV
OSV
added 2026/04/24 3:16 a.m.13 views

UBUNTU-CVE-2026-41316

ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other public methods th...

8.1CVSS6.2AI score0.01131EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/04/17 11:15 p.m.2 views

ruby: Unsafe parsing of long strings via decode_www_form_component method

The URI.decodewwwformcomponent method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service catastrophic regular expression backtracking, resource consumption, or application crash via a crafted string...

7.5CVSS7AI score0.04128EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/04/09 12:37 p.m.2 views

ruby: memory corruption in BigDecimal on 64bit platforms

The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service applicati...

6.8CVSS6.9AI score0.03025EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/09 12:35 p.m.2 views

ruby: memory corruption in BigDecimal on 64bit platforms

The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service applicati...

6.8CVSS6.9AI score0.03025EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/27 12:0 a.m.2 views

SUSE SLED15 / SLES15 Security Update : ruby2.5 (SUSE-SU-2026:1066-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1066-1 advisory. - CVE-2024-49761: ReDoS vulnerability in REXML gem bsc1232440 bsc1232441. - CVE-2025-58767: denial of service...

9.8CVSS7.4AI score0.01429EPSS
Exploits0References11
Wolfi
Wolfi
added 2026/03/25 1:48 a.m.7 views

GHSA-CG4J-Q9V8-6V38 vulnerabilities

Vulnerabilities for packages: ruby3.4-rails, kube-fluentd-operator, ruby3.2-rails, kube-logging-operator, cinc-auditor...

6.1AI score
Exploits0
OPENSUSE Linux
OPENSUSE Linux
added 2026/03/16 12:0 a.m.3 views

ruby4.0-rubygem-fluentd-1.17.1-1.5 on GA media (moderate)

ruby4.0-rubygem-fluentd-1.17.1-1.5 on GA media Announcement ID: openSUSE-SU-2026:10346-1 Rating: moderate Cross-References: CVE-2021-41186 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

7.5CVSS5.8AI score0.02004EPSS
Exploits0
OSV
OSV
added 2026/03/13 12:0 a.m.3 views

OPENSUSE-SU-2026:10356-1 ruby4.0-rubygem-nokogiri-1.18.9-1.4 on GA media

These are all security issues fixed in the ruby4.0-rubygem-nokogiri-1.18.9-1.4 package on the GA media of openSUSE Tumbleweed...

10CVSS7.4AI score0.52063EPSS
Exploits17References44
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.3 views

Astra Linux – Vulnerability in Ruby 3.1

REXML is an XML toolkit for Ruby. The REXML gem before version 3.3.1 has some DoS vulnerabilities when it parses XML that contains many special characters such as . If you need to parse untrusted XMLs, you may be affected by these vulnerabilities. The REXML gem version 3.3.2 or later includes...

4.3CVSS6.5AI score0.01493EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 7 : ruby-2.0.0.648-39.0.1.el7.AXS7 (AXSA:2024-8934:03)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8934:03 advisory. CVE-2021-41819: when parsing cookies, only decode the values CVEs: CVE-2021-41819 CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in...

7.5CVSS5.5AI score0.02931EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 8 : ruby:2.5 (AXSA:2022-3066:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3066:01 advisory. rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source CVE-2020-36327 Tenable has extracted the preceding...

9.3CVSS7.3AI score0.06307EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/19 12:0 a.m.9 views

MiracleLinux 3 : ruby-1.8.5-5.1 (AXSA:2007-63:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2007-63:01 advisory. Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system...

5CVSS5.5AI score0.0187EPSS
Exploits1References3
Rows per page
Query Builder