14168 matches found

Tenable Nessus
added 2024/11/14 12:0 a.m. (12 views)

Fedora 37 : ruby (2022-f0f6c6bec2)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-f0f6c6bec2 advisory. Upgrade to Ruby 3.1.3. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

CVSS 8.8, AI score 7.3, EPSS 0.011
Exploits: 1, References: 2

Redos
added 2024/11/13 12:0 a.m. (14 views)

ROS-20241112-06

The vulnerability in the REXML XML toolkit for Ruby is related to inefficient regular expression complexity. Exploitation of the vulnerability could allow a remote attacker to perform a denial-of-service attack using regular expressions...

CVSS 8.7, AI score 7.2, EPSS 0.01645
Exploits: 0

Tenable Nessus
added 2024/11/12 12:0 a.m. (16 views)

CBL Mariner 2.0 Security Update: ruby / rubygem-rexml (CVE-2024-49761)

The version of ruby / rubygem-rexml installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49761 advisory. - REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it...

CVSS 8.7, AI score 7.5, EPSS 0.01645
Exploits: 0, References: 2

Microsoft CVE
added 2024/11/12 12:0 a.m. (3 views)

CVE-2024-49761

...

CVSS 8.7, AI score 6.7, EPSS 0.01645
Exploits: 0

CBLMariner
added 2024/11/11 6:23 p.m. (9 views)

CVE-2024-49761 affecting package ruby for versions less than 3.1.4-8

CVE-2024-49761 affecting package ruby for versions less than 3.1.4-8. A patched version of the package is available...

CVSS 8.7, AI score 7.6, EPSS 0.01645
Exploits: 0

Debian
added 2024/11/11 3:3 p.m. (12 views)

[SECURITY] [DLA 3949-1] ruby-saml security update

Debian LTS Advisory DLA-3949-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA November 11, 2024 https://wiki.debian.org/LTS ...

CVSS 10, AI score 6.8, EPSS 0.44644
Exploits: 2

OpenVAS
added 2024/11/11 12:0 a.m. (15 views)

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2024-2821)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.3, AI score 6.4, EPSS 0.08428
Exploits: 1, References: 2

OSV
added 2024/11/11 12:0 a.m. (16 views)

DLA-3949-1 ruby-saml - security update

Bulletin has no description...

CVSS 10, AI score 9.4, EPSS 0.44644
Exploits: 2

OpenVAS
added 2024/11/11 12:0 a.m. (18 views)

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2024-2838)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.3, AI score 6.4, EPSS 0.08428
Exploits: 1, References: 2

OpenVAS
added 2024/11/11 12:0 a.m. (17 views)

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2024-2914)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 6, EPSS 0.08428
Exploits: 1, References: 2

OpenVAS
added 2024/11/11 12:0 a.m. (15 views)

Mageia: Security Advisory (MGASA-2024-0348)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.1, EPSS 0.00224
Exploits: 0, References: 4

OpenVAS
added 2024/11/11 12:0 a.m. (16 views)

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2024-2895)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 6, EPSS 0.08428
Exploits: 1, References: 2

OpenVAS
added 2024/11/11 12:0 a.m. (8 views)

Debian: Security Advisory (DLA-3949-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10, AI score 7.2, EPSS 0.44644
Exploits: 2, References: 2

Tenable Nessus
added 2024/11/11 12:0 a.m. (15 views)

Debian dla-3949 : ruby-saml - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-3949 advisory. Debian LTS Advisory DLA-3949-1 [email protected] https://www.debian.org/lts/security/...

CVSS 10, AI score 8.8, EPSS 0.44644
Exploits: 2, References: 4

OPENSUSE Linux
added 2024/11/09 12:0 a.m. (5 views)

ruby3.3-rubygem-rails-7.0-7.0.8.6-1.1 on GA media (moderate)

ruby3.3-rubygem-rails-7.0-7.0.8.6-1.1 on GA media Announcement ID: openSUSE-SU-2024:14479-1 Rating: moderate Cross-References: CVE-2024-41128 CVE-2024-47887 CVE-2024-47888 CVE-2024-47889 CVSS scores: CVE-2024-41128 SUSE : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2024-47887 SUSE : 5.9...

CVSS 5.9, AI score 6, EPSS 0.00557
Exploits: 0

OSV
added 2024/11/08 10:9 p.m. (6 views)

MGASA-2024-0348 Updated ruby-webrick packages fix security vulnerability

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. CVE-2024-47220...

AI score 6.2, EPSS 0.00224
Exploits: 0, References: 3

OSV
added 2024/11/08 3:7 p.m. (2 views)

OESA-2024-2341 ruby security update

Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text files and performing system management tasks, as in Perl. Security Fixes: CVE-2024-49761...

CVSS 8.7, AI score 6.8, EPSS 0.01645
Exploits: 0, References: 2

Tenable Nessus
added 2024/11/08 12:0 a.m. (18 views)

EulerOS 2.0 SP9 : ruby (EulerOS-SA-2024-2838)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many s in an...

CVSS 5.3, AI score 7.1, EPSS 0.08428
Exploits: 1, References: 2

Tenable Nessus
added 2024/11/08 12:0 a.m. (15 views)

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2024-2895)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull...

CVSS 7.5, AI score 7.1, EPSS 0.08428
Exploits: 1, References: 6

OPENSUSE Linux
added 2024/11/08 12:0 a.m. (5 views)

ruby3.3-rubygem-actionmailer-7.0-7.0.8.6-1.1 on GA media (moderate)

ruby3.3-rubygem-actionmailer-7.0-7.0.8.6-1.1 on GA media Announcement ID: openSUSE-SU-2024:14471-1 Rating: moderate Cross-References: CVE-2024-47889 CVSS scores: CVE-2024-47889 SUSE : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Tumbleweed An update that solves one...

CVSS 5.9, AI score 5.6, EPSS 0.00317
Exploits: 0