85 matches found
ALSA-2025:23062 Moderate: ruby:3.3 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: resolv: Denial of Service in resolv gem (CVE-2025-24294); rexml: REXML denial of service (CVE-2025-58767). For more details about the...
openSUSE Security Advisory (SUSE-SU-2025:3776-1)
The remote host is missing an update for the...
Sinatra is vulnerable to ReDoS through ETag header value generation
Summary: There is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response and you are using Ruby = 3.2...
EUVD-2017-0181
Malware in sbrugna...
EUVD-2010-3906
Malware in sbrugna...
EUVD-2019-7013
Malware in sbrugna...
EUVD-2017-5577
Malware in sbrugna...
EUVD-2022-2915
Malicious code in bioql PyPI...
EUVD-2025-5509
Malicious code in bioql PyPI...
EUVD-2022-4012
Malicious code in bioql PyPI...
Security update for ruby2.5
This update for ruby2.5 fixes the following issues: CVE-2024-35221: Fixed remote denial of service via YAML manifest (bsc#1225905). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the...
Low: ruby3.2
Issue Overview: Thor before 1.4.0 can construct an unsafe shell command from library input (CVE-2025-54314). Affected Packages: ruby3.2. Issue Correction: Run "dnf update ruby3.2 --releasever 2023.8.20250808" or "dnf update --advisory ALAS2023-2025-1124 --releasever 2023.8.20250808" to update your syste...
Amazon Linux 2 : ruby (ALAS-2025-2957)
The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2957 advisory. The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a...
TencentOS Server 3: ruby:2.5 (TSSA-2024:1115)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1115 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
DLA-4082-1 ruby2.7 - security update
Bulletin has no description...
CVE-2025-27220
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method...
DLA-4018-1 ruby2.7 - security update
Bulletin has no description...
CVE-2024-12539 vulnerabilities
Vulnerabilities for packages: ruby3.2-elasticsearch, elasticsearch, ruby3.3-elasticsearch, elasticsearch-fips...
RHEL 8 : ruby:2.5 (RHSA-2024:11027)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:11027 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management task...
USN-7091-2: Ruby vulnerabilities
USN-7091-1 fixed several vulnerabilities in Ruby. This update provides the corresponding update for CVE-2024-35176, CVE-2024-41123, CVE-2024-41946 and CVE-2024-49761 for ruby2.7 in Ubuntu 20.04 LTS. Original advisory details: It was discovered that Ruby incorrectly handled parsing of an XML...