Oracle Linux 8 : ruby:2.6 (ELSA-2021-2588)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-2588 advisory. ruby 2.6.7-107 - Upgrade to Ruby 2.6.7. Resolves: rhbz1952627 - Resolv::DNS: timeouts if multiple IPv6 name servers are given an address containing...

CVE-2021-32740

Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted templat...

CVE-2021-32740

Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted templat...

CVE-2021-32740

Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted templat...

CVE-2021-32740

Addressable's URI template engine is vulnerable to Denial of Service via catastrophic backtracking when processing malicious templates. The issue exists in versions 2.3.0 through 2.7.0 and is fixed in 2.8.0. Affected software: ruby-addressableRoot cause: flawed URI template matching leading to un...

CVE-2021-32740

Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted templat...

CVE-2021-32740

Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted templat...

Uncontrolled Resource Consumption

Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource...

EulerOS Virtualization 3.0.2.2 : ruby (EulerOS-SA-2021-2167)

According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Onigmo through 6.2.0 has a NULL pointer dereference in onigerrorcodetostr because of fetchtoken in regparse.c.CVE-2019-16161 - Onig...

Advisory ROSA-SA-2021-1939

Software: openssl 1.0.2k OS: Cobalt 7.9 CVE-ID: CVE-2011-4108 CVE-Crit: CRITICAL CVE-DESC: The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs MAC checks only if a certain fill-in is allowed, making it easy for remote attackers to recover plaintext using a fill-in orac...

EulerOS Virtualization for ARM 64 3.0.2.0 : ruby (EulerOS-SA-2021-2069)

According to the versions of the ruby packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP serv...

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2021-2069)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Linux 8 : ruby:2.5 (ELSA-2021-2587)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-2587 advisory. ruby 2.5.9-107 - Update to Ruby 2.5.9. Remove Patch20: ruby-2.6.0-rdoc-6.0.1-fix-template-typo.patch; subsumed Resolves: rhbz1952626 - Resolv::DNS:...

ruby:2.5 security, bug fix, and enhancement update

ruby 2.5.9-107 - Update to Ruby 2.5.9. Remove Patch20: ruby-2.6.0-rdoc-6.0.1-fix-template-typo.patch; subsumed Resolves: rhbz1952626 - Resolv::DNS: timeouts if multiple IPv6 name servers are given and address contains leading zero Resolves: rhbz1955010...

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2021-2012)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization for ARM 64 3.0.6.0 : ruby (EulerOS-SA-2021-2012)

According to the version of the ruby packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML...

ruby: HTTP response splitting in WEBrick

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients...

Moderate: Red Hat Security Advisory: ruby:2.5 security, bug fix, and enhancement update

An update for the ruby:2.5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

ruby: Potential HTTP request smuggling in WEBrick

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...

ruby: XML round-trip vulnerability in REXML

A flaw was found in the way the Ruby REXML library parsed XML documents. Parsing a specially crafted XML document using REXML and writing parsed data back to a new XML document results in creating a document with a different structure. This issue could affect the integrity of processed data in...