AZL-65202 CVE-2025-24294 affecting package ruby for versions less than 3.1.7-3

The attack vector is a potential Denial of Service DoS. The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses suc...

CBL Mariner 2.0 Security Update: ruby / rubygem-rexml (CVE-2024-43398)

The version of ruby / rubygem-rexml installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43398 advisory. - REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it...

CVE-2024-43398 affecting package ruby for versions less than 3.1.7-1

CVE-2024-43398 affecting package ruby for versions less than 3.1.7-1. An upgraded version of the package is available that resolves this issue...

K000151740: Ruby vulnerability CVE-2024-47220

Security Advisory Description An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the...

CVE-2021-28966

In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir...

CVE-2020-16254

The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets CSS Injection without attribute...

CVE-2020-16253

The PgHero gem through 2.6.0 for Ruby allows CSRF...

CVE-2020-16252

The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF...

CVE-2013-1898

lib/thumbshooter.rb in the Thumbshooter 0.1.5 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL...

CVE-2013-2513

The flashtool gem through 0.6.0 for Ruby allows command execution via shell metacharacters in the name of a downloaded file...

CVE-2013-2615

lib/entrycontroller.rb in the fastreader Gem 1.0.8 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL...

CVE-2013-4203

The self.rungpg function in lib/rgpg/gpghelper.rb in the rgpg gem before 0.2.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors...

CVE-2019-25061

The randompasswordgenerator aka RandomPasswordGenerator gem through 1.0.0 for Ruby uses Kernelrand to generate passwords, which, due to its cyclic nature, can facilitate password prediction...

CVE-2013-1947

kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to 1 document.rb, 2 video.rb, or 3 videoimage.rb...

CVE-2013-5647

lib/sounder/sound.rb in the sounder gem 1.0.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a filename...

CVE-2013-4457

The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted has object, related to recursive variable interpolation...

CVE-2015-8314

The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access...

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2025-1440)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP12 : ruby (EulerOS-SA-2025-1440)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously...

Azure Linux 3.0 Security Update: ruby (CVE-2025-27219)

The version of ruby installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27219 advisory. - In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential...