278 matches found
ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments
A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol IMAP client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful...
DEBIAN-CVE-2026-54897
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to 3.17.2, Oj::Doc iterators eachvalue, eachchild, eachleaf were vulnerable to a heap use-after-free. When a Ruby block yielded during iteration calls doc.close or d.close, the document's heap memory is freed...
Important: Red Hat Security Advisory: ruby security update
An update for ruby is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS
A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAPstarttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle MITM attacker can inject a predicted tagged OK response...
RHEL 9 : ruby (RHSA-2026:33512)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:33512 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
RHEL 10 : ruby (RHSA-2026:33478)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:33478 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management...
Astra Linux – Vulnerability in Ruby 3.1
Zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0, and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstreambufferungets function prepends bytes provided by the caller before previously produced...
CVE-2026-47241
Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled inpu...
Security Bulletin: Vulnerability in Ruby affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in Ruby has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerability...
RockyLinux 9 : ruby:4.0 (RLSA-2026:20596)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:20596 advisory. ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection CVE-2026-33210 erb: ERB: Arbitrary code execution via...
Linux Distros Unpatched Vulnerability : CVE-2026-46727
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler rbgetaddrinfo in...
Astra Linux – Vulnerability in Ruby 2.5
In Ruby, the CGI::Cookie.parse method used from version 2.6.8 mishandles security prefixes in cookie names. This issue also affects the CGI gem used from version 0.3.0 in Ruby...
Astra Linux – Vulnerability in Ruby 2.5
There is a buffer over-read issue in Ruby before version 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. This issue occurs during the conversion from strings to floats, including in methods like KernelFloat and Stringtof...
Astra Linux – Vulnerability in Ruby 2.5
A issue was discovered in Ruby 3.x through 3.3.0. If data supplied by an attacker is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3....
Astra Linux – Vulnerability in Ruby-Nokogiri
A command injection vulnerability exists in Nokogiri v1.10.3 and earlier. This vulnerability allows commands to be executed in a subprocess via Ruby’s Kernel.open method. Processes become vulnerable only if the undocumented method Nokogiri::CSS::Tokenizerloadfile is called with unsafe user input ...
RockyLinux 10 : ruby (RLSA-2026:18065)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18065 advisory. erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 Tenable has extracted the preceding description block directly from the RockyLinux...
RHEL 9 : ruby (RHSA-2026:18039)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18039 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management task...
Oracle Linux 10 : ruby (ELSA-2026-18065)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18065 advisory. 3.3.10-12 - Fix arbitrary code execution via deserialization bypass in ERB. CVE-2026-41316 Resolves: RHEL-171244 Tenable has extracted the preceding descripti...
Amazon Linux 2 : ruby, --advisory ALAS2-2026-3284 (ALAS-2026-3284)
The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3284 advisory. ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance...
ROS-20260512-73-0033
Vulnerability in ruby related to lack of protection of proprietary data. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...