RHEL 7 : ruby (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ruby: Fiddle::Function.new heap buffer overflow CVE-2016-2339 - Type confusion exists in canceleval Ruby'...

RHEL 8 : ruby (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ruby: OpenSSL::X509::Name equality check does not work correctly CVE-2018-16395 - An issue was discovered...

RHEL 6 : ruby (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ruby: Command injection vulnerability in Net::FTP CVE-2017-17405 - ruby: OpenSSL::X509::Name equality che...

RHEL 5 : ruby (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ruby: Command injection vulnerability in Net::FTP CVE-2017-17405 - ruby: OpenSSL::X509::Name equality che...

OESA-2024-1545 ruby security update

Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks such as Perl. Security Fixes: An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the...

MGASA-2024-0160 Updated ruby packages fix security vulnerabilities

Buffer overread vulnerability in StringIO. CVE-2024-27280 RCE vulnerability with .rdocoptions in RDoc. CVE-2024-27281 Arbitrary memory address read vulnerability with Regex search. CVE-2024-27282...

Updated ruby packages fix security vulnerabilities

Buffer overread vulnerability in StringIO. CVE-2024-27280 RCE vulnerability with .rdocoptions in RDoc. CVE-2024-27281 Arbitrary memory address read vulnerability with Regex search. CVE-2024-27282...

Mageia: Security Advisory (MGASA-2024-0160)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-27281

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be...

CVE-2024-27281

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be...

CVE-2024-27280

A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fix...

CVE-2024-27280

A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fix...

CVE-2024-27280

A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fix...

CVE-2024-27282

An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1...

CVE-2024-27282

An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1...

CVE-2024-27282

An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1...

CVE-2024-27282

CVE-2024-27282 affects Ruby 3.x through 3.3.0: attacker-supplied data in the Ruby regex compiler may read arbitrary heap data from the start of the text, including pointers and sensitive strings. Fixed versions: 3.0.7, 3.1.5, 3.2.4, and 3.3.1. Multiple connected advisories reference this CVE and ...

Malicious code in dependency_confusion123 (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d4d13afb7306711deba7679787e9c867a3285ab9deabbf0d1efcf452427cd004 The OpenSSF Package Analysis project identified 'dependencyconfusion123' @ 9.9.9 rubygems as malicious. It is considered malicious because: - Th...

ROS-20240508-01

Vulnerability in the Rack module of the Ruby interpreter is related to incorrect implementation of the Ruby programming language of handling invalid URLs. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a denial of service...

Oracle Linux 9 : pcs (ELSA-2024-2113)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2113 advisory. - Fixed CVE-2024-25126, CVE-2024-26141, CVE-2024-26146 in bundled dependency rack Resolves: RHEL-26446, RHEL-26448, RHEL-26450 Tenable has extracted th...