Linux Distros Unpatched Vulnerability : CVE-2021-22903

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain allowed...

Linux Distros Unpatched Vulnerability : CVE-2020-8159

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a vulnerability in actionpackpage-caching gem v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote...

Linux Distros Unpatched Vulnerability : CVE-2018-16468

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. CVE-2018-16468 Note...

Linux Distros Unpatched Vulnerability : CVE-2020-4054

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Sanitize RubyGem sanitize greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using...

Linux Distros Unpatched Vulnerability : CVE-2020-5217

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Secure Headers RubyGem secureheaders, a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was...

Linux Distros Unpatched Vulnerability : CVE-2025-27788

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out of bound read,...

ROS-20250826-03

Vulnerability of WEBrick library of Ruby programming language interpreter is related to incorrect checking of HTTP requests in the readheader method. HTTP requests in the readheader method. Exploitation of the vulnerability could allow an attacker, acting remotely, to perform HTTP request spoofin...

Linux Distros Unpatched Vulnerability : CVE-2018-3769

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ruby-grape ruby gem suffers from a cross-site scripting XSS vulnerability via format parameter. CVE-2018-3769 Note that Nessus relies on the presence of the...

ROS-20250825-05

A vulnerability in the Ruby Sinatra web application development framework is related to a flaw in limiting the name of the of the directory path. Exploitation of the vulnerability allows an attacker acting remotely to gain access to sensitive data...

ROS-20250825-02

A vulnerability in the Nokogiri program library of the Ruby interpreter is related to improper handling of an an unexpected data type. Exploitation of the vulnerability could allow an attacker, acting remotely, disclose protected information or cause a denial of service A vulnerability in the...

Linux Distros Unpatched Vulnerability : CVE-2019-15587

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. CVE-2019-15587 Note th...

Linux Distros Unpatched Vulnerability : CVE-2018-3741

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in...

Linux Distros Unpatched Vulnerability : CVE-2020-14001

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as...

Linux Distros Unpatched Vulnerability : CVE-2014-3248

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera...

Linux Distros Unpatched Vulnerability : CVE-2012-2126

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack...

Linux Distros Unpatched Vulnerability : CVE-2016-11086

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allo...

CVE-2011-10026

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...

Linux Distros Unpatched Vulnerability : CVE-2025-45765

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is keysize is not something that is enforced by this library...

ruby3.4-rubygem-activerecord-8.0-8.0.1-2.1 on GA media (moderate)

ruby3.4-rubygem-activerecord-8.0-8.0.1-2.1 on GA media Announcement ID: openSUSE-SU-2025:15480-1 Rating: moderate Cross-References: CVE-2025-55193 CVSS scores: CVE-2025-55193 SUSE : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVE-2025-55193 SUSE : 5.3...

Ubuntu: Security Advisory (USN-7709-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...