Linux Distros Unpatched Vulnerability : CVE-2017-17790
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a...
Linux Distros Unpatched Vulnerability : CVE-2015-7551
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before...
Linux Distros Unpatched Vulnerability : CVE-2017-10784
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal...
Linux Distros Unpatched Vulnerability : CVE-2015-1855
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate...
Linux Distros Unpatched Vulnerability : CVE-2019-16255
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in...
Linux Distros Unpatched Vulnerability : CVE-2019-16254
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the...
Linux Distros Unpatched Vulnerability : CVE-2017-9229
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in...
Linux Distros Unpatched Vulnerability : CVE-2014-8090
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial ...
Linux Distros Unpatched Vulnerability : CVE-2015-9284
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The request phase of the OmniAuth Ruby gem 1.9.1 and earlier is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework,...
Linux Distros Unpatched Vulnerability : CVE-2018-8780
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods...
Linux Distros Unpatched Vulnerability : CVE-2018-16395
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two...
Linux Distros Unpatched Vulnerability : CVE-2019-15845
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions. (CVE-2019-15845) Note that Nessus relies ...
GHSA-22H5-PQ3X-2GF2 vulnerabilities
Vulnerabilities for packages: ruby, jruby, ruby3.2-uri, ruby3.2-rails, ruby3.4-rails, ruby3.3-uri, ruby3.3-rails, ruby3.4-uri, kube-fluentd-operator, logstash...
CGI has Regular Expression Denial of Service (ReDoS) potential in Util#escapeElement
There is a possibility of Regular Expression Denial of Service (ReDoS) in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27220. We recommend upgrading the cgi gem. Details: The regular expression used in CGI::Util#escapeElement is vulnerable to ReDoS. The crafted...
GHSA-MHWM-JH88-3GJF vulnerabilities
Vulnerabilities for packages: ruby, logstash, jruby...
GHSA-MHWM-JH88-3GJF vulnerabilities
Vulnerabilities for packages: jruby, ruby, elasticsearch, logstash...
GHSA-MHWM-JH88-3GJF CGI has Regular Expression Denial of Service (ReDoS) potential in Util#escapeElement
There is a possibility of Regular Expression Denial of Service (ReDoS) in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27220. We recommend upgrading the cgi gem. Details: The regular expression used in CGI::Util#escapeElement is vulnerable to ReDoS. The crafted...
GHSA-GH9Q-2XRM-X6QV vulnerabilities
Vulnerabilities for packages: jruby, ruby, elasticsearch, logstash...
GHSA-GH9Q-2XRM-X6QV vulnerabilities
Vulnerabilities for packages: ruby, logstash, jruby...
CVE-2025-27221
In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host...