RHSA-2014:0008 Red Hat Security Advisory: ruby193-rubygem-actionpack security update

Bulletin has no description...

RHSA-2013:1763 Red Hat Security Advisory: ruby193-ruby security update

Bulletin has no description...

RHSA-2013:1794 Red Hat Security Advisory: ruby193-rubygem-actionpack security update

Bulletin has no description...

RHSA-2013:1523 Red Hat Security Advisory: ruby193-ruby security update

Bulletin has no description...

RHSA-2013:1090 Red Hat Security Advisory: ruby security update

Bulletin has no description...

RHSA-2013:1427 Red Hat Security Advisory: ruby193-ruby security update

Bulletin has no description...

RHSA-2013:1137 Red Hat Security Advisory: ruby193-ruby security update

Bulletin has no description...

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2024-2429)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2024-2406)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2024-2381)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2024-2452)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP9 : ruby (EulerOS-SA-2024-2406)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and unge...

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2024-2452)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract...

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2024-2429)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract...

EulerOS 2.0 SP9 : ruby (EulerOS-SA-2024-2381)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and unge...

GHSA-CVP8-5R8G-FHVQ omniauth-saml vulnerable to Improper Verification of Cryptographic Signature

ruby-saml, the dependent SAML gem of omniauth-saml has a signature wrapping vulnerability in = v1.12.0 and v1.13.0 to v1.16.0 , see https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2 As a result, omniauth-saml created a new release by upgrading ruby-saml to the...

omniauth-saml vulnerable to Improper Verification of Cryptographic Signature

ruby-saml, the dependent SAML gem of omniauth-saml has a signature wrapping vulnerability in = v1.12.0 and v1.13.0 to v1.16.0 , see https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2 As a result, omniauth-saml created a new release by upgrading ruby-saml to the...

Authentication Bypass

ruby-saml is vulnerable to Authentication Bypass. The vulnerability is due to improper verification of the signature in the SAML Response, allowing an unauthenticated attacker to forge a SAML Response/Assertion and log in as an arbitrary user...

omniauth-saml vulnerable to Improper Verification of Cryptographic Signature

ruby-saml, the dependent SAML gem of omniauth-saml has a signature wrapping vulnerability in = v1.12.0 and v1.13.0 to v1.16.0 , see https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2 As a result, omniauth-saml created a new release by upgrading ruby-saml to the...

GHSA-JW9C-MFG7-9RX2 SAML authentication bypass via Incorrect XPath selector

Ruby-SAML in = 12.2 and 1.13.0 = 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document by the IdP can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrar...