264 matches found

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-5627

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 7.7 | EPSS 0.00064
Exploits: 1 | References: 7

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-7224

Malicious code in bioql PyPI...

CVSS 9 | AI score 8.8 | EPSS 0.01361
Exploits: 2 | References: 14

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2022-4963

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.5 | EPSS 0.11232
Exploits: 1 | References: 7

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-12559

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.7 | EPSS 0.00393
Exploits: 0 | References: 7

Tenable Nessus
added 2025/09/10 12:0 a.m. | 6 views

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2025-2084)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is...

CVSS 6.5 | AI score 6.5 | EPSS 0.00393
Exploits: 0 | References: 2

OpenVAS
added 2025/09/10 12:0 a.m. | 1 view

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2025-2056)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.5 | AI score 6.9 | EPSS 0.00393
Exploits: 0 | References: 2

Tenable Nessus
added 2025/09/04 12:0 a.m. | 2 views

Amazon Linux 2 : ruby, --advisory ALAS2-2025-2990 (ALAS-2025-2990)

The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2990 advisory. An exploitable heap overflow vulnerability exists in the Psych::Emitter startdocument function of Ruby. In Psych::Emitter...

CVSS 9.8 | AI score 8.6 | EPSS 0.13462
Exploits: 3 | References: 4

Tenable Nessus
added 2025/09/03 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2023-51774

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The json-jwt aka JSON::JWT gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes...

CVSS 8.4 | AI score 6.6 | EPSS 0.00011
Exploits: 1 | References: 2

Tenable Nessus
added 2025/09/02 12:0 a.m. | 4 views

SUSE SLES15 Security Update : ruby2.5 (SUSE-SU-2025:02739-2)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02739-2 advisory. - CVE-2025-6442: Fixed readheader HTTP Request Smuggling Vulnerability in WEBrick bsc1245254 - CVE-2025-27221: Fixed userinfo...

CVSS 6.5 | AI score 6.4 | EPSS 0.00257
Exploits: 0 | References: 7

Tenable Nessus
added 2025/08/25 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-15587

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. CVE-2019-15587 Note th...

CVSS 5.4 | AI score 6.2 | EPSS 0.02332
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/20 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2025-27407

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21,...

CVSS 9 | AI score 7.5 | EPSS 0.01361
Exploits: 2 | References: 3

Tenable Nessus
added 2025/08/20 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-33621

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use...

CVSS 8.8 | AI score 6.8 | EPSS 0.01013
Exploits: 1 | References: 2

Tenable Nessus
added 2025/08/14 12:0 a.m. | 3 views

EulerOS 2.0 SP11 : ruby (EulerOS-SA-2025-1941)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is...

CVSS 6.5 | AI score 6.4 | EPSS 0.00393
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/13 12:0 a.m. | 4 views

EulerOS 2.0 SP11 : ruby (EulerOS-SA-2025-1967)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is...

CVSS 6.5 | AI score 6.4 | EPSS 0.00393
Exploits: 0 | References: 2

OpenVAS
added 2025/08/12 12:0 a.m. | 2 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2025-1967)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.5 | AI score 6.9 | EPSS 0.00393
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/04 12:0 a.m. | 4 views

Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2025-1124)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1124 advisory. Thor before 1.4.0 can construct an unsafe shell command from library input. CVE-2025-54314 Tenable has extracted the preceding description block directly from the tested product security advisory. Note...

CVSS 2.8 | AI score 8.1 | EPSS 0.00088
Exploits: 0 | References: 4

Tenable Nessus
added 2025/08/04 12:0 a.m. | 3 views

Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2025-1131)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1131 advisory. The attack vector is a potential Denial of Service DoS. The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a...

CVSS 7.5 | AI score 7.2 | EPSS 0.00268
Exploits: 0 | References: 4

Tenable Nessus
added 2025/07/25 12:0 a.m. | 2 views

NewStart CGSL MAIN 7.02 : ruby Multiple Vulnerabilities (NS-SA-2025-0116)

The remote NewStart CGSL host, running version MAIN 7.02, has ruby packages installed that are affected by multiple vulnerabilities: - A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increa...

CVSS 5.3 | AI score 8.4 | EPSS 0.02433
Exploits: 0 | References: 5

CBLMariner
added 2025/07/16 3:8 p.m. | 5 views

CVE-2025-6442 affecting package ruby for versions less than 3.1.7-2

CVE-2025-6442 affecting package ruby for versions less than 3.1.7-2. A patched version of the package is available...

CVSS 6.5 | AI score 6.5 | EPSS 0.00257
Exploits: 0

OSV
added 2025/07/15 2:37 p.m. | 3 views

GHSA-XH69-987W-HRP8 resolv vulnerable to DoS via insufficient DNS domain name length validation

A denial of service vulnerability has been discovered in the resolv gem bundled with Ruby. Details The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed doma...

CVSS 8.7 | AI score 6 | EPSS 0.00268
Exploits: 0 | References: 5