SUSE CVE-2023-4785
Lack of error handling in the TCP server in Google's gRPC, starting with version 1.23, on POSIX-compatible platforms (e.g. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Jav...
CVE-2024-36078
In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with world-writable file permissions. This allowed a local attacker on the server to modify the gem's files, injecting arbitrary code into Zammad processes which run with the environment and permissions of the Zammad user...
CVE-2024-37031
The Active Admin aka activeadmin framework before 3.2.2 for Ruby on Rails allows stored XSS in certain situations where users can create entities to be later edited in forms with arbitrary names, aka a "dynamic form legends" issue. 4.0.0.beta7 is also a fixed version...
Octokit security vulnerability
Octokit is a Ruby toolkit for the GitHub API. A security vulnerability exists in Octokit version 1.0.0 through versions prior to 9.2.1, which stems from the unrestricted nature of the regular expression matching behavior, and could lead to catastrophic backtracking when processing ad-hoc input,...
Octokit security vulnerability
Octokit is a Ruby toolkit for the GitHub API. A security vulnerability exists in Octokit version 1.0.0 through versions prior to 6.1.7, which stems from a Regular Expression Denial of Service (ReDoS) vulnerability in the processing of HTTP request headers, which can be exploited by an attacker to...
Octokit security vulnerability
Octokit is a Ruby toolkit for the GitHub API. A security vulnerability exists in Octokit version 9.0.5 through versions prior to 10.1.3, which stems from a regular expression denial of service (ReDoS) attack that can be caused by crafting a specific options parameter...
OPENSUSE-SU-2025:14811-1 ruby3.4-rubygem-rack-2.2-2.2.11-1.1 on GA media
These are all security issues fixed in the ruby3.4-rubygem-rack-2.2-2.2.11-1.1 package on the GA media of openSUSE Tumbleweed...
USN-7256-2: Ruby regression
USN-7256-1 fixed vulnerabilities in Ruby. The update introduced a minor regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an...
USN-7256-2 ruby2.7 regression
USN-7256-1 fixed vulnerabilities in Ruby. The update introduced a minor regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an...
Ubuntu 20.04 LTS : Ruby regression (USN-7256-2)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7256-2 advisory. USN-7256-1 fixed vulnerabilities in Ruby. The update introduced a minor regression. This update fixes the problem. We apologize for the inconvenience. Tenable has...
A vulnerability in the ActiveRecord PostgreSQL interpreter for Ruby allows an attacker to cause a service failure.
The vulnerability in the ActiveRecord PostgreSQL interpreter for Ruby is related to insufficient validation of user-supplied data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
A vulnerability in the ActionDispatch component of the Ruby on Rails software framework allows an attacker to trigger a service failure.
The vulnerability in the ActionDispatch component of the Ruby on Rails software framework is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures remotely...
A vulnerability in the Active Support PostgreSQL Ruby interpreter component allows an attacker to trigger a service failure.
The vulnerability in the Active Support PostgreSQL Ruby interpreter component is related to insufficient validation of user-supplied data in Inflector.underscore. Exploiting this vulnerability can allow an attacker to cause service failures remotely...
A vulnerability in the ActionDispatch component of the Ruby on Rails software framework allows an attacker to trigger a service failure.
The vulnerability in the ActionDispatch component of the Ruby on Rails software framework is related to insufficient validation of user-supplied data. Exploiting this vulnerability can allow an attacker to cause service failures remotely...
CVE-2025-25186
A flaw was found in Ruby's net-imap library. In certain versions, there is a possibility for denial of service by memory exhaustion in the net-imap response parser. At any time while the client is connected, a malicious server can send highly compressed uid-set data, which is automatically read b...
Internet Bug Bounty: Possible DoS by memory exhaustion in net/imap
The net-imap gem implements an IMAP client in Ruby. Versions prior to 0.3.8, 0.4.19, and 0.5.6 contained a vulnerability that could lead to denial of service by memory exhaustion. The vulnerability was caused by the response parser using Range#to_a to convert uid-set data without limiting the...
Astra Linux – Vulnerability in Ruby 3.1
REXML is an XML toolkit for Ruby. The REXML gem prior to version 3.3.9 has a ReDoS vulnerability when it parses an XML document containing many digits between "&#" and "x…;" in a hexadecimal numeric character reference (&#x…;). This issue does not occur in Ruby 3.2 or later versions. Ruby 3.1 is the only...
Ubuntu: Security Advisory (USN-6838-2)
The remote host is missing an update for the...
DLA-4018-2 ruby2.7 - regression update
Bulletin has no description...
USN-6838-2: Ruby vulnerability
USN-6838-1 fixed CVE-2024-27281 in Ruby 2.7, Ruby 3.0, Ruby 3.1, and Ruby 3.2. This update provides the corresponding updates for Ruby 2.3 and Ruby 2.5. Original advisory details: It was discovered that Ruby RDoc incorrectly parsed certain YAML files. If a user or automated system were tricked in...