14176 matches found
Photon OS 4.0: Ruby PHSA-2025-4.0-0813
An update of the ruby package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0813. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Important Photon OS Security Update - PHSA-2025-4.0-0813
Updates of 'ruby', 'systemd' packages of Photon OS have been released...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2025-1604)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2025-1625)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2025-1642)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2025-1603)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP13 : ruby (EulerOS-SA-2025-1625)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URImerge, URI+ have an inadvertent leakage of authentication credentials...
EulerOS 2.0 SP13 : ruby (EulerOS-SA-2025-1642)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URImerge, URI+ have an inadvertent leakage of authentication credentials...
EulerOS 2.0 SP12 : ruby (EulerOS-SA-2025-1603)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The...
EulerOS 2.0 SP12 : yajl (EulerOS-SA-2025-1609)
According to the versions of the yajl package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in...
EulerOS 2.0 SP12 : ruby (EulerOS-SA-2025-1604)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The...
EulerOS 2.0 SP12 : yajl (EulerOS-SA-2025-1608)
According to the versions of the yajl package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in...
CVE-2025-49007 vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.3-rails, ruby3.4-rails, logstash...
GHSA-47M2-26RW-J2JW vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby3.3-rails, ruby3.4-rails, logstash...
GHSA-47M2-26RW-J2JW vulnerabilities
Vulnerabilities for packages: ruby3.3-rails, ruby3.4-rails, logstash, ruby3.2-rails...
CVE-2025-49007 vulnerabilities
Vulnerabilities for packages: ruby3.3-rails, ruby3.4-rails, logstash, ruby3.2-rails...
OS Command Exec, Unix Command Shell, Bind TCP (via Ruby)
Execute an OS command from PHP. Continually listen for a connection and spawn a command shell via Ruby Module Options msf use payload/php/unix/cmd/bindruby msf payloadbindruby show actions ...actions... msf payloadbindruby set ACTION msf payloadbindruby show options ...show and set options... msf...
OS Command Exec, Unix Command Shell, Reverse TCP SSL (via Ruby)
Execute an OS command from PHP. Connect back and create a command shell via Ruby, uses SSL Module Options msf use payload/php/unix/cmd/reverserubyssl msf payloadreverserubyssl show actions ...actions... msf payloadreverserubyssl set ACTION msf payloadreverserubyssl show options ...show and set...
K000151742: REXML vulnerability CVE-2024-43398
Security Advisory Description REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be...
Ruby RACK 3.1.x < 3.1.16 DoS
The version of the RACK Ruby library installed on the remote host is 3.1.x prior to 3.1.16 . It is, therefore, affected by a DoS vulnerability where an attacker can create a crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting...