14158 matches found
UBUNTU-CVE-2023-4785
Lack of error handling in the TCP server in Google's gRPC starting with version 1.23 on POSIX-compatible platforms (e.g., Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Jav...
Code injection
Lack of error handling in the TCP server in Google's gRPC starting with version 1.23 on POSIX-compatible platforms (e.g., Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Jav...
CVE-2023-4785 Denial of Service in gRPC Core
Lack of error handling in the TCP server in Google's gRPC starting with version 1.23 on POSIX-compatible platforms (e.g., Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Jav...
CVE-2023-4785
CVE-2023-4785: Google gRPC core flaw — lack of error handling in the TCP server on posix platforms (e.g., Linux) can cause DoS when many connections are opened. Affected: gRPC C++, Python, Ruby (not Java/Go). Upgrades exist: CBLMariner advises grpc >= 1.62.0-2; IBM advisories for Cloud Pak for...
[SECURITY] [DLA 3566-1] ruby-rails-html-sanitizer security update
Debian LTS Advisory DLA-3566-1, Sylvain Beucler, September 13, 2023. https://www.debian.org/lts/security/ https://wiki.debian.org/LTS ...
[SECURITY] [DLA 3565-1] ruby-loofah security update
Debian LTS Advisory DLA-3565-1, Sylvain Beucler, September 13, 2023. https://www.debian.org/lts/security/ https://wiki.debian.org/LTS ...
Denial of Service Vulnerability in gRPC TCP Server (Posix-compatible platforms)
Lack of error handling in the TCP server in Google's gRPC starting with version 1.23 on POSIX-compatible platforms (e.g., Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Jav...
Ubuntu: Security Advisory (USN-6358-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
PT-2023-30643
Name of the Vulnerable Software and Affected Versions: gRPC versions 1.23 and later. Description: The issue is related to a lack of error handling in the TCP server in Google's gRPC, which allows an attacker to cause a denial of service by initiating a significant number of connections with the...
DLA-3565-1 ruby-loofah - security update
Bulletin has no description...
DLA-3566-1 ruby-rails-html-sanitizer - security update
Bulletin has no description...
USN-6358-1: RedCloth vulnerability
It was discovered that RedCloth incorrectly handled certain inputs during HTML sanitisation. An attacker could possibly use this issue to cause a denial of service...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2023-2800)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2023-2824)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Oracle Linux 7 : ruby (ELSA-2019-2028)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2028 advisory. - Introduce 'Gem::UserInteractionverbose' method as precondition to fix CVE-2019-8321. rubygems-2.3.0-refactor-checking-reallyverbose.patch - Fix escap...
Medium: ruby20
Issue Overview: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could...
Oracle Linux 5 : Moderate: / ruby (ELSA-2007-0965)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2007-0965 advisory. 1.8.5-5.el51.1 - security fix for CVE-2007-5162 and CVE-2007-5770 - ruby-1.8.5-CVE-2007-5162.patch: fix issues that is insufficient verification of SSL...
Oracle Linux 8 : pcs (ELSA-2020-5724)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2020-5724 advisory. 0.10.4-6.0.1.el82.1 - Replace HAM-logo.png with a generic one 0.10.4-6.el82.1 - Fixed running pcs status on remote nodes - Fixed ruby daemon closing connection...
Oracle Linux 6 : ruby193-ruby (ELSA-2014-1913)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1913 advisory. - Fix off-by-one stack-based buffer overflow in the encodes function CVE-2014-4975. Related: rhbz1164004 - Fix REXML billion laughs attack via paramete...
Oracle Linux 6 : ruby (ELSA-2011-1581)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-1581 advisory. - Update to Ruby 1.8.7-p352. Remove Patch43: ruby-1.8.7-CVE-2011-1004.patch; subsumed Remove Patch44: ruby-1.8.7-CVE-2011-1005.patch; subsumed Remove...