14178 matches found
Medium: ruby
Issue Overview: A flaw was found in the way the Ruby REXML library parsed XML documents. Parsing a specially crafted XML document using REXML and writing parsed data back to a new XML document results in creating a document with a different structure. This issue could affect the integrity of...
Medium: ruby
Issue Overview: ruby: RCE vulnerability with .rdocoptions in RDoc CVE-2024-27281 Affected Packages: ruby Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update...
ROS-20240918-01
A vulnerability in the CGI::Cookie.parse function of the Ruby programming language is related to incorrect processing of security prefixes in cookie names. security prefixes in cookie names. Exploitation of the vulnerability allows an attacker, acting remotely, to affect data integrity...
Medium: ruby
Issue Overview: ruby: RCE vulnerability with .rdocoptions in RDoc CVE-2024-27281 Affected Packages: ruby Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update...
Medium: ruby
Issue Overview: A flaw was found in the way the Ruby REXML library parsed XML documents. Parsing a specially crafted XML document using REXML and writing parsed data back to a new XML document results in creating a document with a different structure. This issue could affect the integrity of...
PT-2024-40451 · Unknown · Camaleon Cms
Name of the Vulnerable Software and Affected Versions: Camaleon CMS affected versions not specified Description: A stored cross-site scripting issue has been found in the image upload functionality of Camaleon CMS. This allows normal registered users to upload SVG images or HTML documents...
Amazon Linux 2 : ruby (ALAS-2024-2634)
The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2634 advisory. ruby: RCE vulnerability with .rdocoptions in RDoc CVE-2024-27281 Tenable has extracted the preceding description block directly...
ALSA-2024:6784 Moderate: ruby:3.3 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters suc...
Moderate: ruby:3.3 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters suc...
Moderate: ruby:3.3 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters suc...
Amazon Linux 2 : ruby (ALAS-2024-2637)
The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2637 advisory. A flaw was found in the way the Ruby REXML library parsed XML documents. Parsing a specially crafted XML document using...
Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182)
An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on depending on the permissions of the underlying filesystem. E.g. This can lead to a delayed...
ALSA-2024:6785 Moderate: ruby:3.3 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters suc...
Security Bulletin: A vulnerability in XML toolkit for Ruby affects IBM License Metric Tool.
Summary There is a vulnerability in the XML toolkit for Ruby component used by IBM License Metric Tool. Vulnerability Details CVEID:CVE-2024-43398 DESCRIPTION: Ruby REXML is vulnerable to a denial of service, caused by improper input validation. By using a specially crafted XML content, a remote...
RHSA-2024:3838 Red Hat Security Advisory: ruby security update
Bulletin has no description...
RHSA-2024:3671 Red Hat Security Advisory: ruby:3.3 security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2024:3670 Red Hat Security Advisory: ruby:3.3 security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2024:3668 Red Hat Security Advisory: ruby:3.1 security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2024:3546 Red Hat Security Advisory: ruby:3.1 security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2024:3500 Red Hat Security Advisory: ruby:3.0 security update
Bulletin has no description...