OPENSUSE-SU-2025:15112-1 ruby3.4-rubygem-activerecord-7.0-7.0.8.6-1.3 on GA media

These are all security issues fixed in the ruby3.4-rubygem-activerecord-7.0-7.0.8.6-1.3 package on the GA media of openSUSE Tumbleweed...

Malicious code in xero_ruby_oauth2_app (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware df775937f934e6eee2161d71e8e61cc59dab858b11abd32721c7bb957ab91ee1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3928 Malicious code in xero_ruby_oauth2_app (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware df775937f934e6eee2161d71e8e61cc59dab858b11abd32721c7bb957ab91ee1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

ruby:2.5 security update

ruby 2.5.9-114 - Fix integer overflow in searchinrange function in regexec.c CVE-2019-19012. Resolves: RHEL-87505 rubygem-abrt rubygem-bson rubygem-bundler 1.16.1-5 - Fix unexpected code execution in Gemfiles CVE-2021-43809 Resolves: RHEL-87017 rubygem-mongo rubygem-mysql2 rubygem-pg...

Ruby RACK < 2.2.14 / 3.0.16 / 3.1.14 DoS vulnerability

The version of the RACK Ruby library installed on the remote host is prior to 2.2.14 / 3.0.16 / 3.1.14 . It is, therefore, affected by a DoS vulnerability where an attacker can trigger denial of service by sending specifically crafted HTTP requests, which can cause memory exhaustion or pin CPU...

rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser

A flaw was found in Rack::QueryParser. This vulnerability allows denial of service via oversized HTTP requests containing many parameters, resulting in memory exhaustion that consumes all available memory or CPU resource pinning, which keeps the CPU constantly busy...

RHSA-2025:7539 Red Hat Security Advisory: ruby:2.5 security update

Bulletin has no description...

Moderate: Red Hat Security Advisory: ruby:2.5 security update

An update for the ruby:2.5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

ALSA-2025:7539 Moderate: ruby:2.5 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: oniguruma: integer overflow in searchinrange function in regexec.c leads to out-of-bounds read CVE-2019-19012 rubygem-bundler:...

Alibaba Cloud Linux 3 : 0054: ruby:2.7 (ALINUX3-SA-2021:0054)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0054 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-36327: Bundler 1.16.0 through 2.2...

Alibaba Cloud Linux 3 : 0044: ruby:2.7 (ALINUX3-SA-2021:0044)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0044 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-25613: An issue was discovered in...

RHEL 8 : ruby:2.5 (RHSA-2025:7539)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:7539 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2025-1539)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2025-1538)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 4163-1] rubygems security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4163-1 [email protected] https://www.debian.org/lts/security/ Lucas Kanashiro May 12, 2025 https://wiki.debian.org/LTS -...

CVE-2025-46336 vulnerabilities

Vulnerabilities for packages: ruby3.3-rails, ruby3.2-rails, logstash, ruby3.4-rails...

GHSA-9J94-67JR-4CQJ vulnerabilities

Vulnerabilities for packages: ruby3.3-rails, ruby3.2-rails, logstash, ruby3.4-rails...

GHSA-GJH7-P2FX-99VX vulnerabilities

Vulnerabilities for packages: ruby4.0-rack, ruby3.2-rails, ruby3.2-rack, ruby3.4-rails, logstash, ruby3.4-rack, ruby3.3-rails, ruby3.3-rack...

CVE-2025-46727 vulnerabilities

Vulnerabilities for packages: ruby4.0-rack, ruby3.2-rails, ruby3.2-rack, ruby3.4-rails, logstash, ruby3.4-rack, ruby3.3-rails, ruby3.3-rack...

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2025-1539)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service ReDoS vulnerability exists in the UtilescapeElement method.CVE-2025-272...