14178 matches found
Debian dla-4090 : ruby-rack - security update
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4090 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4090-1 [email protected]...
Important Photon OS Security Update - PHSA-2025-5.0-0488
Updates of 'ruby', 'binutils', 'elfutils' packages of Photon OS have been released...
Important Photon OS Security Update - PHSA-2025-4.0-0772
Updates of 'ruby' packages of Photon OS have been released...
RHEL 6 / 7 : ruby193-ruby (RHSA-2014:1913)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1913 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
CBL Mariner 2.0 Security Update: ruby (CVE-2025-27219)
The version of ruby installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27219 advisory. - In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential...
CBL Mariner 2.0 Security Update: ruby (CVE-2025-27220)
The version of ruby installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27220 advisory. - In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the...
RHEL 7 : Red Hat CloudForms (RHSA-2018:0380)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0380 advisory. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual...
CBL Mariner 2.0 Security Update: ruby (CVE-2025-27221)
The version of ruby installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27221 advisory. - In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent...
RHEL 6 : cfme (RHSA-2014:1317)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1317 advisory. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual...
Remote Code Execution (RCE)
graphql-ruby is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe schema loading: arbitrary code can be executed when a malicious schema definition from an untrusted source is processed with GraphQL::Schema.from_introspection or GraphQL::Schema::Loader.load...
CVE-2025-27221 affecting package ruby for versions less than 3.1.4-9
CVE-2025-27221 affecting package ruby for versions less than 3.1.4-9. A patched version of the package is available...
CVE-2025-27219 affecting package ruby for versions less than 3.1.4-9
CVE-2025-27219 affecting package ruby for versions less than 3.1.4-9. A patched version of the package is available...
CVE-2025-27220 affecting package ruby for versions less than 3.1.4-9
CVE-2025-27220 affecting package ruby for versions less than 3.1.4-9. A patched version of the package is available...
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies.
...
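The guard the CGI fix adds is a size bound on the raw header before any per-cookie work. The following is an added example written for this page, not code from the cgi gem or from the advisory: a standalone Cookie-header parser that mirrors the splitting CGI::Cookie.parse does (on `;` or `,`, keeping every value of a repeated name) but refuses oversized input up front. The three limits are assumptions to be set to whatever the edge proxy already permits.

```ruby
# Added example, not code from the cgi gem or from any advisory on this page.
# CVE-2025-27219 (cgi gem < 0.4.2): CGI::Cookie.parse accepted a raw Cookie
# header of any length, so a single oversized header could tie up a worker.
# The guard to apply: reject the raw header by size before splitting, and
# bound each name and value as they are split. Values are returned raw
# (no %-decoding) to keep the example to the length check itself.
# The limits below are assumptions; set them to what your edge proxy permits.
MAX_COOKIE_HEADER_BYTES = 4096
MAX_COOKIE_NAME_BYTES   = 256
MAX_COOKIE_VALUE_BYTES  = 1024

class CookieTooLarge < StandardError; end

# Returns { name => [value, ...] }; repeated names keep every value in order,
# as CGI::Cookie.parse does. Raises CookieTooLarge instead of doing the work.
def parse_cookie_header(raw,
                        max_header: MAX_COOKIE_HEADER_BYTES,
                        max_name:   MAX_COOKIE_NAME_BYTES,
                        max_value:  MAX_COOKIE_VALUE_BYTES)
  if raw.bytesize > max_header
    raise CookieTooLarge, "Cookie header is #{raw.bytesize} bytes (limit #{max_header})"
  end

  cookies = Hash.new { |h, k| h[k] = [] }
  # Same separators CGI::Cookie.parse uses: ';' or ',' plus optional whitespace.
  raw.split(/[;,]\s*/).each do |pair|
    name, value = pair.split("=", 2)
    name  = name.to_s.strip
    next if name.empty?
    value = value.to_s.strip
    if name.bytesize > max_name || value.bytesize > max_value
      raise CookieTooLarge, "cookie #{name[0, 32].inspect} exceeds per-cookie limits"
    end
    cookies[name] << value
  end
  cookies
end

if __FILE__ == $0
  # Constructed sample headers, not captured traffic.
  p parse_cookie_header("session=abc123; theme=dark; theme=light")
  begin
    parse_cookie_header("sid=" + "A" * 5000)
  rescue CookieTooLarge => e
    puts "rejected: #{e.message}"
  end
end
```

Apply the header-size check in the middleware that first sees the request; a per-cookie limit alone does not help if the header is split only after it has been read in full.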
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.
...
In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.
...
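The leak in CVE-2025-27221 is triggered by a relative reference that carries its own host (a network-path reference such as `//cdn.example.net/asset`): the merge replaces the host but leaves the base URI's userinfo in place. Below is an added example, not code from the uri gem or from the advisory, showing a `safe_join` wrapper that enforces the rule the fix restores (credentials on the result may only come from the reference when the reference supplies its own authority), plus a probe that reports whether the installed gem still leaks. Host names and credentials are constructed for the example.

```ruby
require "uri"

# Added example, not code from the uri gem or from any advisory on this page.
# CVE-2025-27221 (uri gem < 1.0.3): URI.join, URI#merge and URI#+ keep the base
# URI's userinfo even when the relative reference replaces the host, so
#   URI("https://svc:s3cret@api.example.com/v1/") + "//cdn.example.net/asset"
# could resolve to https://svc:s3cret@cdn.example.net/asset on an unpatched gem,
# handing the API credentials to a third party. (Sample values are constructed.)

# Resolve ref against base with the gem, then drop any credentials the result
# inherited from base when ref supplied its own host.
def safe_join(base, ref)
  base_uri = URI(base)
  ref_uri  = URI(ref)
  merged   = base_uri + ref_uri          # same code path as URI.join / URI#merge
  if ref_uri.host && merged.userinfo != ref_uri.userinfo
    # Inherited credentials: strip them. password= is cleared before user=
    # because URI::Generic rejects a password without a user.
    merged.password = nil
    merged.user     = nil
  end
  merged
end

# true means the installed uri gem still carries userinfo across a host change.
def installed_uri_leaks_userinfo?
  probe = URI("https://svc:s3cret@api.example.com/v1/") + "//cdn.example.net/asset"
  !probe.userinfo.nil?
end

if __FILE__ == $0
  puts "uri gem #{URI::VERSION} leaks userinfo on host change: #{installed_uri_leaks_userinfo?}"
  puts safe_join("https://svc:s3cret@api.example.com/v1/", "//cdn.example.net/asset")
  puts safe_join("https://svc:s3cret@api.example.com/v1/", "v2/items")
end
```

Plain relative paths still inherit the base credentials, which is the intended behaviour; only a reference that names a host has them removed. Upgrading the uri gem to 1.0.3 or later remains the real fix, the wrapper is a stopgap for code that must run on an older default gem.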
Authentication Bypass
ruby-saml is vulnerable to Authentication Bypass. The vulnerability is due to inconsistent XML parsing due to differences between ReXML and Nokogiri, allowing attackers to execute a Signature Wrapping attack that can bypass authentication...
RockyLinux 9 : ruby (RLSA-2024:10858)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:10858 advisory. rexml: REXML ReDoS vulnerability CVE-2024-49761 Tenable has extracted the preceding description block directly from the RockyLinux security advisory. Note that...
Authentication Bypass
ruby-saml is vulnerable to Authentication Bypass. The vulnerability is due to a parser differential between ReXML and Nokogiri, allowing an attacker to execute a Signature Wrapping attack and potentially gain unauthorized access...
ruby security update
An update is available for ruby. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Ruby is an extensible, interpreted, object-oriented, scripting language. It has...