14176 matches found

Tenable Nessus
added 2024/07/24 12:0 a.m. · 22 views

Photon OS 3.0: Ruby PHSA-2024-3.0-0732

An update of the ruby package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-3.0-0732. The text itself is copyright (C) VMware, Inc. ...

CVSS 8.8 · AI score 8.3 · EPSS 0.03222
Exploits: 3 · References: 5
Tenable Nessus
added 2024/07/24 12:0 a.m. · 17 views

Photon OS 4.0: Ruby PHSA-2024-4.0-0562

An update of the ruby package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-4.0-0562. The text itself is copyright (C) VMware, Inc. ...

CVSS 8.8 · AI score 8.3 · EPSS 0.03222
Exploits: 3 · References: 5
Redos
added 2024/07/24 12:0 a.m. · 25 views

ROS-20240723-03

The vulnerability in the Ruby interpreter's Net::FTP class implementation is related to flaws in service data protection using the PASV command. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information. ...

CVSS 7.4 · AI score 7.2 · EPSS 0.0305
Exploits: 2
Tenable Nessus
added 2024/07/24 12:0 a.m. · 22 views

Photon OS 5.0: Ruby PHSA-2024-5.0-0236

An update of the ruby package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-5.0-0236. The text itself is copyright (C) VMware, Inc. ...

CVSS 4.5 · AI score 7.7 · EPSS 0.01571
Exploits: 0 · References: 2
Tenable Nessus
added 2024/07/24 12:0 a.m. · 18 views

Photon OS 4.0: Ruby PHSA-2021-4.0-0008

An update of the ruby package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-4.0-0008. The text itself is copyright (C) VMware, Inc. ...

CVSS 7.5 · AI score 7.5 · EPSS 0.04558
Exploits: 0 · References: 2
Tenable Nessus
added 2024/07/24 12:0 a.m. · 16 views

Photon OS 5.0: Ruby PHSA-2024-5.0-0247

An update of the ruby package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-5.0-0247. The text itself is copyright (C) VMware, Inc. ...

CVSS 9.8 · AI score 8.2 · EPSS 0.02637
Exploits: 0 · References: 4
Tenable Nessus
added 2024/07/24 12:0 a.m. · 21 views

Photon OS 5.0: Ruby PHSA-2024-5.0-0221

An update of the ruby package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-5.0-0221. The text itself is copyright (C) VMware, Inc. ...

CVSS 8.8 · AI score 7.9 · EPSS 0.02287
Exploits: 1 · References: 2
Tenable Nessus
added 2024/07/24 12:0 a.m. · 21 views

Photon OS 3.0: Ruby PHSA-2022-3.0-0354

An update of the ruby package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-3.0-0354. The text itself is copyright (C) VMware, Inc. ...

CVSS 7 · AI score 7.9 · EPSS 0.0148
Exploits: 0 · References: 2
Tenable Nessus
added 2024/07/24 12:0 a.m. · 20 views

Photon OS 3.0: Ruby PHSA-2022-3.0-0447

An update of the ruby package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-3.0-0447. The text itself is copyright (C) VMware, Inc. ...

CVSS 7.5 · AI score 7.7 · EPSS 0.0387
Exploits: 0 · References: 2
Tenable Nessus
added 2024/07/24 12:0 a.m. · 24 views

Photon OS 3.0: Ruby PHSA-2024-3.0-0754

An update of the ruby package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-3.0-0754. The text itself is copyright (C) VMware, Inc. ...

CVSS 6.6 · AI score 7.7 · EPSS 0.00629
Exploits: 0 · References: 2
OpenVAS
added 2024/07/24 12:0 a.m. · 24 views

Ubuntu: Security Advisory (USN-6905-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ...

CVSS 7.5 · AI score 7.1 · EPSS 0.0183
Exploits: 0 · References: 2
Tenable Nessus
added 2024/07/23 12:0 a.m. · 11 views

Photon OS 4.0: Ruby PHSA-2022-4.0-0199

An update of the ruby package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-4.0-0199. The text itself is copyright (C) VMware, Inc. ...

CVSS 7.5 · AI score 7.7 · EPSS 0.0387
Exploits: 0 · References: 2
Tenable Nessus
added 2024/07/23 12:0 a.m. · 18 views

Photon OS 4.0: Ruby PHSA-2024-4.0-0600

An update of the ruby package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-4.0-0600. The text itself is copyright (C) VMware, Inc. ...

CVSS 6.6 · AI score 7.7 · EPSS 0.00629
Exploits: 0 · References: 2
Packet Storm
added 2024/07/22 12:0 a.m. · 364 views

Adobe Commerce / Magento Open Source XML Injection / User Impersonation

CVSS 9.8 · AI score 7.2 · EPSS 0.99994
Exploits: 26
NVD
added 2024/07/19 8:15 p.m. · 10 views

CVE-2024-39906

A command injection vulnerability was found in the IndieAuth functionality of the Ruby on Rails based Haven blog web application. The affected functionality requires authentication, but an attacker can craft a link that they can pass to a logged in administrator of the blog software. This leads t...

CVSS 8.3 · EPSS 0.00963
Exploits: 0 · References: 2
CVE
added 2024/07/19 7:50 p.m. · 46 views

CVE-2024-39906

The CVE-2024-39906 vulnerability affects the Haven blog web application (Ruby on Rails) via its IndieAuth functionality. A logged-in administrator can be forced to click a crafted link that executes arbitrary commands on the server, enabling Remote Code Execution (RCE). The root cause is a comman...

CVSS 8.3 · AI score 8 · EPSS 0.00963
Exploits: 0 · References: 2
OSV
added 2024/07/19 7:50 p.m. · 20 views

CVE-2024-39906 Remote code execution in Haven IndieAuthClient (GHSL-2024-093)

A command injection vulnerability was found in the IndieAuth functionality of the Ruby on Rails based Haven blog web application. The affected functionality requires authentication, but an attacker can craft a link that they can pass to a logged in administrator of the blog software. This leads t...

CVSS 8.3 · AI score 7.9 · EPSS 0.00963
Exploits: 0 · References: 4
Fedora
added 2024/07/19 1:46 a.m. · 39 views

[SECURITY] Fedora 40 Update: ruby-3.3.4-11.fc40

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

CVSS 5.3 · AI score 7 · EPSS 0.02064
Exploits: 1
Positive Technologies
added 2024/07/19 12:0 a.m. · 5 views

PT-2024-28724 · Unknown +1 · Ruby On Rails +1

Name of the Vulnerable Software and Affected Versions: Haven blog web application (affected versions not specified). Description: A command injection vulnerability was found in the IndieAuth functionality of the Ruby on Rails based Haven blog web application. The affected functionality requires...

CVSS 8.3 · AI score 8.3 · EPSS 0.00963
Exploits: 0 · References: 7
SUSE CVE
added 2024/07/18 2:38 a.m. · 4 views

SUSE CVE-2024-39908

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as . If you need to parse untrusted XMLs, you may be impacted by these vulnerabilities. The REXML gem 3.3.2 or later includes the patches to fix...

CVSS 5.3 · AI score 7.4 · EPSS 0.01379
Exploits: 0 · References: 9