4940 matches found
Adobe Commerce / Magento Open Source XML Injection / User Impersonation
    #!/usr/bin/env ruby -W0
    require 'bundler'
    Bundler.require(:default)

    DEBUG = false
    USE_PROXY = false
    PROXY_ADDR = '127.0.0.1'
    PROXY_PORT = 8080

    def debug(msg)
      puts msg.inspect if DEBUG
    end

    def rand_text(length = 8)
      # random string generator
      o = [('a'..'z'), ('A'..'Z')].map(&:to_a).flatten
      (0...length).map { o[rand(o.length)] }...
[SECURITY] Fedora 40 Update: ruby-3.3.4-11.fc40
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks, as in Perl. It is simple, straightforward, and extensible...
Oracle Linux 8 : ruby (ELSA-2024-4499)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4499 advisory. - Fix ReDoS vulnerability (upstream's incomplete fix for CVE-2023-28755; CVE-2023-36617). Resolves: RHEL-5614. - Fix buffer overread vulnerability in...
ALPINE-CVE-2024-39908
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML document that has many specific characters such as `<`, `0` and `%>`. If you need to parse untrusted XML, you may be affected by these vulnerabilities. The REXML gem 3.3.2 or later includes the patches to fix...
AZL-45769 CVE-2024-39908 affecting package ruby for versions less than 3.3.5-1
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML document that has many specific characters such as `<`, `0` and `%>`. If you need to parse untrusted XML, you may be affected by these vulnerabilities. The REXML gem 3.3.2 or later includes the patches to fix...
CVE-2024-39908 Denial of service in REXML
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML document that has many specific characters such as `<`, `0` and `%>`. If you need to parse untrusted XML, you may be affected by these vulnerabilities. The REXML gem 3.3.2 or later includes the patches to fix...
CVE-2024-39908
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML document that has many specific characters such as `<`, `0` and `%>`. If you need to parse untrusted XML, you may be affected by these vulnerabilities. The REXML gem 3.3.2 or later includes the patches to fix...
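The CVE-2024-39908 entries above say that you are affected only if you parse untrusted XML, and that REXML 3.3.2 carries the fix. As an added example (not taken from any of these advisories or from the REXML project), this is how a Ruby service might act on that: refuse to treat the installed REXML as safe below the fixed version, and, as defense in depth until the upgrade lands, cap both the size and the wall-clock parse time of untrusted input. The 64 KiB and 2 second limits, the `UntrustedXmlRejected` error class and the sample document are assumptions made for illustration.

```ruby
#!/usr/bin/env ruby
# Added example: gate REXML parsing of untrusted input on the patched version
# and wrap it in size and time limits. Not code from the advisories above.
require 'rexml/document'
require 'timeout'

# First REXML release the advisory text names as carrying the DoS fixes.
REXML_FIXED = Gem::Version.new('3.3.2')

# True when the given REXML version string predates the fixed release.
# Defaults to the REXML that is actually loaded in this process.
def rexml_vulnerable?(version = REXML::VERSION)
  Gem::Version.new(version) < REXML_FIXED
end

# Assumed error type; callers map it to a 4xx, never to a 5xx.
class UntrustedXmlRejected < StandardError; end

# Parse untrusted XML under a byte cap and a wall-clock cap. The limits are
# assumed values; they reduce blast radius but do not replace upgrading REXML.
# Returns the root element name, or raises UntrustedXmlRejected.
def parse_untrusted(xml, max_bytes: 64 * 1024, seconds: 2)
  if xml.bytesize > max_bytes
    raise UntrustedXmlRejected, "input too large (#{xml.bytesize} bytes)"
  end
  # REXML is pure Ruby, so Timeout can interrupt a pathological parse.
  doc = Timeout.timeout(seconds) { REXML::Document.new(xml) }
  root = doc.root
  raise UntrustedXmlRejected, 'no root element' if root.nil?
  root.name
rescue Timeout::Error
  raise UntrustedXmlRejected, "parse exceeded #{seconds}s"
rescue REXML::ParseException => e
  raise UntrustedXmlRejected, "malformed XML: #{e.message.lines.first&.strip}"
end

if __FILE__ == $PROGRAM_NAME
  if rexml_vulnerable?
    warn "REXML #{REXML::VERSION} predates #{REXML_FIXED}; upgrade before parsing untrusted input"
  end
  # Constructed sample document, not real traffic.
  puts parse_untrusted('<order><item sku="x"/></order>')
end
```

The version gate is the check that matters; the size and timeout wrappers are there so that a deployment still waiting on the rebuilt ruby package fails closed instead of pinning a worker on one request.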
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2024-1897)
The remote host is missing an update for the Huawei EulerOS ruby package referenced in the EulerOS-SA-2024-1897 advisory. (Greenbone AG plugin, 2024, GPL-2.0-only; some text descriptions may be excerpted from referenced sources and are copyright of their respective holders.) ...
Moderate: Red Hat Security Advisory: ruby security update
An update for ruby is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...
RLSA-2024:4499 Moderate: ruby security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rubygem-uri: ReDoS vulnerability, upstream's incomplete fix for CVE-2023-28755 (CVE-2023-36617); ruby: buffer overread vulnerability...
Rocky Linux 8 : ruby (RLSA-2024:4499)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:4499 advisory. rubygem-uri: ReDoS vulnerability, upstream's incomplete fix for CVE-2023-28755 (CVE-2023-36617); ruby: buffer overread vulnerability in StringIO...
RHEL 9 : ruby (RHSA-2024:4542)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4542 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks...
EulerOS 2.0 SP10 : ruby (EulerOS-SA-2024-1897)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and unge...
EulerOS 2.0 SP10 : ruby (EulerOS-SA-2024-1921)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and unge...
ruby security update
ruby 2.5.9-112 - Fix ReDoS vulnerability (upstream's incomplete fix for CVE-2023-28755; CVE-2023-36617). Resolves: RHEL-5614. - Fix buffer overread vulnerability in StringIO (CVE-2024-27280). Resolves: RHEL-34125. - Fix RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281). Resolves: RHEL-34117. -...
RHEL 7 : ruby (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - onigmo: out-of-bounds read in next_state_val in regparse.c (CVE-2019-16162) - Onigmo through 6.2.0 has a NULL...
RHEL 8 : ruby (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - onigmo: out-of-bounds read in next_state_val in regparse.c (CVE-2019-16162) - Onigmo through 6.2.0 has a NULL...
Moderate: Red Hat Security Advisory: ruby security update
An update for ruby is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...