92 matches found
RHSA-2026:36099 Red Hat Security Advisory: ruby:3.3 security update
Bulletin has no description...
Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: ruby3.4: ruby3.4-3.4.8-31.3.hum1 aarch64, x8664 ruby3.4-bundled-gems-3.4.8-31.3.hum1 aarch64, x8664 ruby3.4-default-gems-3.4.8-31.3.hum1 noarch ruby3.4-devel-3.4.8-31.3.hum1 aarch64, x8664...
RHEL 8 : ruby:2.5 (RHSA-2026:33514)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:33514 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
GHSA-475M-PH3X-64GP vulnerabilities
Vulnerabilities for packages: ruby3.3-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset, kube-logging-operator, ruby4.0-fluentd-kubernetes-daemonset...
AlmaLinux 8 : ruby:3.3 (ALSA-2026:20614)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:20614 advisory. erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 Tenable has extracted the preceding description block directly from the AlmaLinux...
Important: Red Hat Security Advisory: ruby:3.3 security update
An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
ALSA-2026:20614 Important: ruby:3.3 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 For more details about the security issues, including...
CVE-2026-41316
ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other public methods th...
UBUNTU-CVE-2026-41316
ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other public methods th...
ruby: Unsafe parsing of long strings via decode_www_form_component method
The URI.decodewwwformcomponent method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service catastrophic regular expression backtracking, resource consumption, or application crash via a crafted string...
ruby: memory corruption in BigDecimal on 64bit platforms
The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service applicati...
ruby: memory corruption in BigDecimal on 64bit platforms
The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service applicati...
SUSE SLED15 / SLES15 Security Update : ruby2.5 (SUSE-SU-2026:1066-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1066-1 advisory. - CVE-2024-49761: ReDoS vulnerability in REXML gem bsc1232440 bsc1232441. - CVE-2025-58767: denial of service...
GHSA-CG4J-Q9V8-6V38 vulnerabilities
Vulnerabilities for packages: ruby3.4-rails, kube-fluentd-operator, ruby3.2-rails, kube-logging-operator, cinc-auditor...
ruby4.0-rubygem-fluentd-1.17.1-1.5 on GA media (moderate)
ruby4.0-rubygem-fluentd-1.17.1-1.5 on GA media Announcement ID: openSUSE-SU-2026:10346-1 Rating: moderate Cross-References: CVE-2021-41186 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...
OPENSUSE-SU-2026:10356-1 ruby4.0-rubygem-nokogiri-1.18.9-1.4 on GA media
These are all security issues fixed in the ruby4.0-rubygem-nokogiri-1.18.9-1.4 package on the GA media of openSUSE Tumbleweed...
Astra Linux – Vulnerability in Ruby 3.1
REXML is an XML toolkit for Ruby. The REXML gem before version 3.3.1 has some DoS vulnerabilities when it parses XML that contains many special characters such as . If you need to parse untrusted XMLs, you may be affected by these vulnerabilities. The REXML gem version 3.3.2 or later includes...
MiracleLinux 7 : ruby-2.0.0.648-39.0.1.el7.AXS7 (AXSA:2024-8934:03)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8934:03 advisory. CVE-2021-41819: when parsing cookies, only decode the values CVEs: CVE-2021-41819 CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in...
MiracleLinux 8 : ruby:2.5 (AXSA:2022-3066:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3066:01 advisory. rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source CVE-2020-36327 Tenable has extracted the preceding...
MiracleLinux 3 : ruby-1.8.5-5.1 (AXSA:2007-63:01)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2007-63:01 advisory. Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system...