CVE-2025-27221

CVE-2025-27221 affects the Ruby URI module (URI.join, URI#merge, URI#+). The root issue is leakage of userinfo credentials when the host is changed, as userinfo is retained. This impacts versions of the URI gem prior to 1.0.3; the issue is fixed in 1.0.3 and later. If exploited, credential exposu...

Ubuntu: Security Advisory (USN-7309-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Advisory (SUSE-SU-2025:0736-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Linux Distros Unpatched Vulnerability : CVE-2011-2686

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context- dependent attackers to predict the values of random numbe...

Linux Distros Unpatched Vulnerability : CVE-2009-5147

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names. CVE-2009-5147 Note that Nessu...

CVE-2025-27219

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when...

CVE-2025-27219

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when...

CVE-2025-27220

In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service ReDoS vulnerability exists in the UtilescapeElement method...

CVE-2025-27221

In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URImerge, URI+ have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host...

CVE-2025-27219

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when...

CVE-2025-27220

CVE-2025-27220 affects the CGI gem in Ruby, with a Regular Expression DoS in CGI::Util#escapeElement present in versions prior to 0.4.2. Documents indicate a DoS risk due to unbounded processing of input during cookie handling; no exploit details or affected environments are provided beyond this....

CVE-2025-27219

CVE-2025-27219 : In the CGI gem for Ruby, the CGI::Cookie.parse method (Ruby CGI library) has a Denial of Service vulnerability due to no limit on the length of the raw cookie value processed. This can lead to excessive resource consumption when parsing extremely large cookies. Connected referenc...

CVE-2025-27220

In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service ReDoS vulnerability exists in the UtilescapeElement method...

CBL Mariner 2.0 Security Update: ruby / rubygem-rexml (CVE-2024-39908)

The version of ruby / rubygem-rexml installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-39908 advisory. - REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when...

Linux Distros Unpatched Vulnerability : CVE-2011-3624

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers...

Linux Distros Unpatched Vulnerability : CVE-2011-2705

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The SecureRandom.randombytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, whic...

Azure Linux 3.0 Security Update: ruby / rubygem-rexml (CVE-2024-39908)

The version of ruby / rubygem-rexml installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-39908 advisory. - REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when...

USN-7309-1: Ruby SAML vulnerabilities

It was discovered that Ruby SAML did not properly validate SAML responses. An unauthenticated attacker could use this vulnerability to log in as an abitrary user. This issue only affected Ubuntu 16.04 LTS. CVE-2016-5697 It was discovered that Ruby SAML incorrectly utilized the results of XML DOM...

USN-7309-1 Ruby SAML vulnerabilities

It was discovered that Ruby SAML did not properly validate SAML responses. An unauthenticated attacker could use this vulnerability to log in as an abitrary user. This issue only affected Ubuntu 16.04 LTS. CVE-2016-5697 It was discovered that Ruby SAML incorrectly utilized the results of XML DOM...

Malicious code in binance-connector-ruby (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 41e39728f8654e35cb29f5b837a886f3a5a9ff0dd9b523fc1777672083ae645d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...