
19 matches found

Tenable Nessus
added 2023/09/11 12:0 a.m., 39 views

Amazon Linux AMI : ruby20 (ALAS-2023-1824)

The version of ruby20 installed on the remote host is prior to 2.0.0.648-2.42. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1824 advisory. An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. ...

9.8 CVSS, 7 AI score, 0.00624 EPSS
Exploits 1, References 4
Amazon
added 2022/10/11 12:0 a.m., 89 views

Medium: ruby20

Issue Overview: A buffer overrun vulnerability was found in Ruby. The issue occurs in a conversion algorithm from a String to a Float that causes process termination due to a segmentation fault, but under limited circumstances. This flaw may cause an illegal memory read. CVE-2022-28739 Affected...

7.5 CVSS, 7.2 AI score, 0.00306 EPSS
Exploits 0
Tenable Nessus
added 2022/10/10 12:0 a.m., 33 views

Amazon Linux AMI : ruby20 (ALAS-2022-1638)

The version of ruby20 installed on the remote host is prior to 2.0.0.648-2.41. It is, therefore, affected by a vulnerability as referenced in the ALAS-2022-1638 advisory. A buffer overrun vulnerability was found in Ruby. The issue occurs in a conversion algorithm from a String to a Float that...

7.5 CVSS, 7.4 AI score, 0.00306 EPSS
Exploits 0, References 3
Tenable Nessus
added 2021/05/24 12:0 a.m., 48 views

Amazon Linux AMI : ruby20 (ALAS-2021-1505)

The version of ruby20 installed on the remote host is prior to 2.0.0.648-2.40. It is, therefore, affected by a vulnerability as referenced in the ALAS-2021-1505 advisory. RDoc before version 6.3.1 used to call Kernel#open to open a local file. If a Ruby project has a file whose name starts with |...

7 CVSS, 7.7 AI score, 0.00351 EPSS
Exploits 0, References 3
Amazon
added 2021/05/21 12:0 a.m., 50 views

Low: ruby20

Issue Overview: RDoc before version 6.3.1 used to call Kernel#open to open a local file. If a Ruby project has a file whose name starts with "|" and ends with "tags", the command following the pipe character is executed. A malicious Ruby project could exploit it to run an arbitrary command executi...

7 CVSS, 7 AI score, 0.00351 EPSS
Exploits 0
Tenable Nessus
added 2021/01/14 12:0 a.m., 33 views

Amazon Linux AMI : ruby20 (ALAS-2021-1468)

The version of ruby20 installed on the remote host is prior to 2.0.0.648-2.39. It is, therefore, affected by a vulnerability as referenced in the ALAS-2021-1468 advisory. An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server...

7.5 CVSS, 7.4 AI score, 0.00275 EPSS
Exploits 0, References 3
OpenVAS
added 2016/01/20 12:0 a.m., 36 views

Amazon Linux: Security Advisory (ALAS-2016-632)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.4 CVSS, 6.7 AI score, 0.00234 EPSS
Exploits 0, References 2
Tenable Nessus
added 2016/01/19 12:0 a.m., 27 views

Amazon Linux AMI : ruby19 / ruby20,ruby21,ruby22 (ALAS-2016-632)

DL::dlopen could open a library with tainted library name even if $SAFE > 0. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI Security Advisory ALAS-2016-632. include"compat.inc"; if description scriptid87966;...

8.4 CVSS, 8 AI score, 0.00234 EPSS
Exploits 0, References 2
Amazon
added 2016/01/18 12:0 a.m., 35 views

Low: ruby19, ruby20, ruby21, ruby22

Issue Overview: DL::dlopen could open a library with tainted library name even if $SAFE > 0. Affected Packages: ruby19, ruby20, ruby21, ruby22 Issue Correction: Run yum update ruby19 or yum update --advisory ALAS-2016-632 to update your system. Run yum update ruby20 or yum update --advisory...

8.4 CVSS, 8.1 AI score, 0.00234 EPSS
Exploits 0
OpenVAS
added 2015/09/08 12:0 a.m., 46 views

Amazon Linux: Security Advisory (ALAS-2014-448)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

5 CVSS, 7.2 AI score, 0.11898 EPSS
Exploits 1, References 2
OpenVAS
added 2015/09/08 12:0 a.m., 30 views

Amazon Linux: Security Advisory (ALAS-2014-441)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

5 CVSS, 7.1 AI score, 0.15626 EPSS
Exploits 1, References 2
OpenVAS
added 2015/09/08 12:0 a.m., 31 views

Amazon Linux: Security Advisory (ALAS-2015-547)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

5 CVSS, 6.9 AI score, 0.02401 EPSS
Exploits 0, References 3
OpenVAS
added 2015/09/08 12:0 a.m., 29 views

Amazon Linux: Security Advisory (ALAS-2015-531)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9 CVSS, 6.7 AI score, 0.0272 EPSS
Exploits 2, References 3
Tenable Nessus
added 2015/06/18 12:0 a.m., 28 views

Amazon Linux AMI : ruby20 (ALAS-2015-547)

RubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against. This mechanism is implemented via DNS, specifically a SRV record _rubygems._tcp under the original requested domain. RubyGems did not validate the hostname returned in...

5 CVSS, 7.8 AI score, 0.02401 EPSS
Exploits 0, References 4
Tenable Nessus
added 2015/05/29 12:0 a.m., 34 views

Amazon Linux AMI : ruby20 (ALAS-2015-531)

As discussed in an upstream announcement, Ruby's OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames, which can lead to similar bugs such as CVE-2014-1492. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

5.9 CVSS, 7.3 AI score, 0.0272 EPSS
Exploits 2, References 3
Tenable Nessus
added 2015/01/05 12:0 a.m., 32 views

openSUSE Security Update : ruby20 (openSUSE-SU-2015:0002-1)

This ruby update fixes the following two security issues: - bnc#902851: fix CVE-2014-8080: Denial Of Service XML Expansion - bnc#905326: fix CVE-2014-8090: Another Denial Of Service XML Expansion - Enable tests to run during the build. This way we can compare the results on different builds...

5 CVSS, 7 AI score, 0.15626 EPSS
Exploits 2, References 5
Tenable Nessus
added 2014/11/18 12:0 a.m., 40 views

Amazon Linux AMI : ruby20 (ALAS-2014-448)

The upstream patch for CVE-2014-8080 introduced checks against the REXML.entity_expansion_text_limit, but did not add restrictions to limit the number of expansions performed, i.e. checks against the REXML::Document.entity_expansion_limit. As a consequence, even with the patch applied, a small XML...

5 CVSS, 7 AI score, 0.15626 EPSS
Exploits 2, References 2
Amazon
added 2014/11/13 12:0 a.m., 46 views

Medium: ruby20

Issue Overview: The upstream patch for CVE-2014-8080 introduced checks against the REXML.entity_expansion_text_limit, but did not add restrictions to limit the number of expansions performed, i.e. checks against the REXML::Document.entity_expansion_limit. As a consequence, even with the patch applied,...

5 CVSS, 7.1 AI score, 0.15626 EPSS
Exploits 2
Tenable Nessus
added 2014/06/13 12:0 a.m., 27 views

openSUSE Security Update : ruby20 (openSUSE-SU-2013:1834-1)

The following security issue was fixed in ruby20: - fix CVE-2013-4164: heap overflow in float point parsing bnc#851803 The file CVE-2013-4164.patch contains the patch %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

6.8 CVSS, 7.5 AI score, 0.11958 EPSS
Exploits 3, References 3