Lucene search
K

278 matches found

RedHat Linux
RedHat Linux
added 5 days ago6 views

ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments

A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol IMAP client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful...

7.1CVSS6.1AI score0.00813EPSS
Exploits0References8
OSV
OSV
added 2026/07/01 12:16 a.m.3 views

DEBIAN-CVE-2026-54897

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to 3.17.2, Oj::Doc iterators eachvalue, eachchild, eachleaf were vulnerable to a heap use-after-free. When a Ruby block yielded during iteration calls doc.close or d.close, the document's heap memory is freed...

2.1CVSS5.7AI score0.00117EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/30 4:27 p.m.5 views

Important: Red Hat Security Advisory: ruby security update

An update for ruby is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

7.6CVSS5.8AI score0.00813EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/30 3:46 p.m.5 views

net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS

A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAPstarttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle MITM attacker can inject a predicted tagged OK response...

7.6CVSS5.7AI score0.00324EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.10 views

RHEL 9 : ruby (RHSA-2026:33512)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:33512 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

7.6CVSS5.8AI score0.00813EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.4 views

RHEL 10 : ruby (RHSA-2026:33478)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:33478 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management...

8.1CVSS6.3AI score0.01131EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in Ruby 3.1

Zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0, and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstreambufferungets function prepends bytes provided by the caller before previously produced...

9.8CVSS6.1AI score0.00561EPSS
Exploits0References3
NVD
NVD
added 2026/06/22 9:16 p.m.12 views

CVE-2026-47241

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled inpu...

2.1CVSS0.00239EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:17 p.m.4 views

Security Bulletin: Vulnerability in Ruby affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Ruby has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerability...

9.1CVSS6.3AI score0.00838EPSS
Exploits0Affected Software2
Tenable Nessus
Tenable Nessus
added 2026/05/30 12:0 a.m.12 views

RockyLinux 9 : ruby:4.0 (RLSA-2026:20596)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:20596 advisory. ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection CVE-2026-33210 erb: ERB: Arbitrary code execution via...

9.1CVSS6.8AI score0.01131EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-46727

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler rbgetaddrinfo in...

8.1CVSS5.5AI score0.00478EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Ruby 2.5

In Ruby, the CGI::Cookie.parse method used from version 2.6.8 mishandles security prefixes in cookie names. This issue also affects the CGI gem used from version 0.3.0 in Ruby...

7.5CVSS6.6AI score0.02931EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Ruby 2.5

There is a buffer over-read issue in Ruby before version 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. This issue occurs during the conversion from strings to floats, including in methods like KernelFloat and Stringtof...

7.5CVSS7AI score0.04127EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.12 views

Astra Linux – Vulnerability in Ruby 2.5

A issue was discovered in Ruby 3.x through 3.3.0. If data supplied by an attacker is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3....

6.6CVSS7.3AI score0.00629EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Ruby-Nokogiri

A command injection vulnerability exists in Nokogiri v1.10.3 and earlier. This vulnerability allows commands to be executed in a subprocess via Ruby’s Kernel.open method. Processes become vulnerable only if the undocumented method Nokogiri::CSS::Tokenizerloadfile is called with unsafe user input ...

9.8CVSS7.2AI score0.05899EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.11 views

RockyLinux 10 : ruby (RLSA-2026:18065)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18065 advisory. erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 Tenable has extracted the preceding description block directly from the RockyLinux...

8.1CVSS6.3AI score0.01131EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/18 12:0 a.m.11 views

RHEL 9 : ruby (RHSA-2026:18039)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18039 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management task...

8.1CVSS6.2AI score0.01131EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/18 12:0 a.m.11 views

Oracle Linux 10 : ruby (ELSA-2026-18065)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18065 advisory. 3.3.10-12 - Fix arbitrary code execution via deserialization bypass in ERB. CVE-2026-41316 Resolves: RHEL-171244 Tenable has extracted the preceding descripti...

8.1CVSS6.4AI score0.01131EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.10 views

Amazon Linux 2 : ruby, --advisory ALAS2-2026-3284 (ALAS-2026-3284)

The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3284 advisory. ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance...

8.1CVSS6AI score0.01131EPSS
Exploits0References4
Redos
Redos
added 2026/05/12 12:0 a.m.19 views

ROS-20260512-73-0033

Vulnerability in ruby related to lack of protection of proprietary data. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

7.5CVSS5.8AI score0.0051EPSS
Exploits0
Rows per page
Query Builder