CVE-2015-8314
The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ruby2.5 (SUSE-SU-2023:4176-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4176-1 advisory. - The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP...
Ubuntu 14.04 LTS / 16.04 LTS : Ruby vulnerabilities (USN-3626-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3626-1 advisory. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code. CVE-2018-6914 ...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Ruby vulnerabilities (USN-6087-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6087-1 advisory. It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a...
USN-6055-1 ruby2.3, ruby2.5, ruby2.7 vulnerabilities
It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. CVE-2023-28755 It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Ruby vulnerabilities (USN-6055-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6055-1 advisory. It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a...
Last Years Open Source - Tomorrow's Vulnerabilities
Linus Torvalds, the creator of Linux and Git, has his own law in software development, and it goes like this: "given enough eyeballs, all bugs are shallow." This phrase puts the finger on the very principle of open source: the more, the merrier - if the code is easily available for anyone and...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Ruby vulnerabilities (USN-5462-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5462-1 advisory. It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to execute...
SUSE SLED15 / SLES15 Security Update : ruby2.5 (SUSE-SU-2022:1512-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1512-1 advisory. - In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute...
Vulnerabilities fixed in Ruby
Vulnerabilities have been fixed in Ruby. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service (DoS); access to system data. Ruby developers have released updates to address the vulnerabilities. More information can be foun...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Ruby vulnerabilities (USN-5020-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5020-1 advisory. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary...
USN-5020-1: Ruby vulnerabilities
It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. CVE-2021-31799 It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to conduct port scans and service banner...
USN-4882-1 ruby2.3, ruby2.5, ruby2.7 vulnerabilities
It was discovered that the Ruby JSON gem incorrectly handled certain JSON files. If a user or automated system were tricked into parsing a specially crafted JSON file, a remote attacker could use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS...
USN-4201-1: Ruby vulnerabilities | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 18.04. Description: It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this issue to pass path matching, which can lead to unauthorized access. CVE-2019-15845 It was discovered tha...
Ubuntu 16.04 LTS / 18.04 LTS : Ruby vulnerabilities (USN-4201-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4201-1 advisory. It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this issue to pass path matching what can lead ...
SUSE-SU-2019:1804-1 Security update for ruby-bundled-gems-rpmhelper, ruby2.5
This update for ruby2.5 and ruby-bundled-gems-rpmhelper fixes the following issues: Changes in ruby2.5: Update to 2.5.5 and 2.5.4: https://www.ruby-lang.org/en/news/2019/03/15/ruby-2-5-5-released/ https://www.ruby-lang.org/en/news/2019/03/13/ruby-2-5-4-released/ Security issues fixed: -...
USN-3945-1 ruby1.9.1, ruby2.0, ruby2.3, ruby2.5 vulnerabilities
It was discovered that Ruby incorrectly handled certain RubyGems. An attacker could possibly use this issue to execute arbitrary commands. CVE-2019-8320 It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code...
Ubuntu 14.04 LTS / 16.04 LTS : Ruby vulnerabilities (USN-3685-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3685-1 advisory. Some of these CVEs were already addressed in previous USNs: 3439-1, 3553-1, 3528-1. Here we address them for the remaining releases. It was discovered...
CVE-2018-8778
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled informatio...
USN-3553-1: Ruby vulnerabilities
It was discovered that Ruby failed to validate specification names. An attacker could possibly use a maliciously crafted gem to potentially overwrite any file on the filesystem. CVE-2017-0901 It was discovered that Ruby was vulnerable to a DNS hijacking vulnerability. An attacker could use this t...