ALSA-2023:7025 Moderate: ruby:2.5 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: Buffer overrun in String-to-Float conversion CVE-2022-28739 ruby...

Moderate: ruby:2.5 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: Buffer overrun in String-to-Float conversion CVE-2022-28739 ruby...

The vulnerability of the yajl_string_decode function in the yajl_encode.c component of the YAJL-ruby library allows a attacker to cause a service failure.

The vulnerability of the yajlstringdecode function in the yajlencode.c component of the YAJL-ruby library is related to insufficient processing of the format string. Exploiting this vulnerability could allow a malicious actor to cause a service failure by using a specially created JSON file...

The vulnerability of the `yajl_tree_parse` function in the YAJL-ruby JSON library allows a attacker to cause a service failure.

The vulnerability of the yajltreeparse function in the YAJL-ruby JSON library is related to improper memory release before deleting the last reference. Exploiting this vulnerability could allow a malicious actor to cause service failures...

The vulnerability of the yajl_buf.c component in the YAJL-ruby JSON library allows a hacker to gain access to confidential data.

The vulnerability of the yajlbuf.c component in the YAJL-ruby library relates to the situation where an operation is performed outside the buffer’s memory boundaries. Exploiting this vulnerability could allow a remote attacker to gain access to confidential data...

rubygem-activerecord: SQL Injection

A flaw was found in RubyGem's activerecord gem, which is vulnerable to SQL injection. This flaw allows a remote attacker to send specially-crafted SQL statements to the comments, allowing the attacker to view, add, modify, or delete information in the back-end database...

rubygem-rack: Denial of service in Multipart MIME parsing

A flaw was found in rubygem-rack. This issue occurs in the Multipart MIME parsing code in Rack, which limits the number of file parts but does not limit the total number of parts that can be uploaded. Carefully crafted requests can abuse this and cause multipart parsing to take longer than...

rubygem-actionpack: Denial of Service in Action Dispatch

A flaw was found in the rubygem-actionpack. RubyGem's actionpack gem is vulnerable to a denial of service caused by a regular expression denial of service ReDoS flaw in the Action Dispatch module. By sending specially-crafted cookies with an XFORWARDEDHOST header, a remote attacker could exploit...

ruby-git: code injection vulnerability

A flaw was found in the ruby-git package, which allows a remote authenticated attacker to execute arbitrary code on the system, caused by a code injection flaw. An attacker can execute arbitrary code on the system by using a specially-crafted filename in the repository...

ruby-git: code injection vulnerability

A code injection flaw was found in the ruby-git package. This issue may allow a remote authenticated attacker to execute arbitrary code on the system by using a specially-crafted filename in the repository...

Rocky Linux 8 : ruby:2.6 (RLSA-2022:0543)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0543 advisory. - Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that...

Fedora 39 : rubygem-actioncable / rubygem-actionmailbox / rubygem-actionmailer / etc (2023-4f0bb4ff5e)

The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-4f0bb4ff5e advisory. Ruby on Rails security upgrade: https://rubyonrails.org/2023/8/22/Rails-Versions-7-0-7-2-6-1-7-6-have- been-released - incorrect file permissions on encrypte...

Rocky Linux 8 : ruby:2.5 (RLSA-2022:5779)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5779 advisory. - Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS regular expression Denial of Service via a long string. The fixed versions are 3.2.1,...

Exploit for SQL Injection in Spiceworks Help_Desk_Server

Spiceworks Sort SQLi There's a SQLi in a sort parameter of...

Rocky Linux 8 : ruby:2.5 (RLSA-2022:0672)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0672 advisory. - In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename...

Rocky Linux 8 : ruby:2.6 (RLSA-2022:5338)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:5338 advisory. - There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion,...

Rocky Linux 8 : ruby:2.5 (RLSA-2022:0545)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:0545 advisory. - Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue...

Rocky Linux 9 : ruby (RLSA-2022:6585)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:6585 advisory. - A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted...

GHSA-FRGF-8JR5-J2JV memory leak flaw was found in ruby-magick

A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service DOS by memory exhaustion...

memory leak flaw was found in ruby-magick

A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service DOS by memory exhaustion...