Lucene search
14158 matches found

Tenable Nessus
added 2023/08/07 12:00 a.m. | 37 views

AlmaLinux 8 : ruby:2.7 (ALSA-2021:2584)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:2584 advisory. ruby: Potential HTTP request smuggling in WEBrick CVE-2020-25613 ruby: XML round-trip vulnerability in REXML CVE-2021-28965 Tenable has extracted the...

CVSS 7.5 | AI score 7.3 | EPSS 0.00576
Exploits 0 | References 4
Tenable Nessus
added 2023/08/07 12:00 a.m. | 37 views

AlmaLinux 8 : ruby:2.6 (ALSA-2021:2588)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:2588 advisory. rubygem-bundler: Insecure permissions on directory in /tmp/ allows for execution of malicious code CVE-2019-3881 ruby: NUL injection vulnerability of...

CVSS 8.1 | AI score 6.9 | EPSS 0.05892
Exploits 2 | References 11
Amazon
added 2023/08/07 12:00 a.m. | 50 views

Medium: ruby

Issue Overview: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in matchat during regular expression searching. A logical error involving order of validation and access in matchat could...

CVSS 9.8 | AI score 7.8 | EPSS 0.00624
Exploits 1
Tenable Nessus
added 2023/08/05 12:00 a.m. | 24 views

Debian dla-3516 : burp - security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3516 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3516-1 [email protected]...

CVSS 7.5 | AI score 6.8 | EPSS 0.01863
Exploits 3 | References 8
OSV
added 2023/08/04 6:15 p.m. | 1 view

AZL-27830 CVE-2023-38697 affecting package rubygem-protocol-http1 for versions less than 0.15.1-1

protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split...

CVSS 5.3 | AI score 6.1 | EPSS 0.00204
Exploits 0 | References 1
Tenable Nessus
added 2023/07/28 12:00 a.m. | 28 views

EulerOS Virtualization 2.10.0 : emacs (EulerOS-SA-2023-2486)

According to the versions of the emacs package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because...

CVSS 9.8 | AI score 7.8 | EPSS 0.00447
Exploits 0 | References 5
BDU FSTEC
added 2023/07/20 12:00 a.m. | 1 view

The vulnerability of the CGI programming language Ruby allows attackers to gain access to confidential data, compromise its integrity, and cause service interruptions.

The vulnerability of the CGI programming language Ruby is related to the occurrence of interpretation conflicts when unreliable input data is inserted into the HTTP response header. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and...

CVSS 9 | AI score 6.7 | EPSS 0.011
Exploits 1 | References 15 | Affected Software 5
BDU FSTEC
added 2023/07/20 12:00 a.m. | 2 views

The vulnerability of the Ruby programming language’s URI component lies in the use of a regular expression with an inefficient computational cost. This allows attackers to trigger a service failure.

The vulnerability of the Ruby programming language’s URI component is related to the incorrect handling of invalid URL addresses. Exploiting this vulnerability allows a remote attacker to cause service failures...

CVSS 5.3 | AI score 6.7 | EPSS 0.00312
Exploits 0 | References 16 | Affected Software 6
Tenable Nessus
added 2023/07/20 12:00 a.m. | 24 views

Oracle Linux 9 : pcs (ELSA-2023-12595)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12595 advisory. 0.11.4-7 - Fix displaying differences between configuration checkpoints in pcs config checkpoint diff command - Fix pcs stonith update-scsi-devices...

CVSS 9.8 | AI score 6.8 | EPSS 0.01982
Exploits 0 | References 4
Tenable Nessus
added 2023/07/18 12:00 a.m. | 31 views

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2023-2366)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific...

CVSS 5.3 | AI score 7.9 | EPSS 0.00312
Exploits 0 | References 2
Tenable Nessus
added 2023/07/18 12:00 a.m. | 11 views

Debian dla-3480 : ruby-redcloth - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3480 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3480-1 [email protected] https://www.debian.org/lts/security/...

CVSS 7.5 | AI score 7.2 | EPSS 0.00912
Exploits 1 | References 4
Tenable Nessus
added 2023/07/18 12:00 a.m. | 40 views

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2023-2392)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific...

CVSS 5.3 | AI score 7.9 | EPSS 0.00312
Exploits 0 | References 2
OpenVAS
added 2023/07/18 12:00 a.m. | 10 views

Debian: Security Advisory (DLA-3480-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.6 | EPSS 0.00912
Exploits 1 | References 4
OSSF Malicious Packages
added 2023/07/17 6:15 a.m. | 3 views

Malicious code in systemd-daemon (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 41aacbd733d26afad7933e31f87d51fa0d748969082bd229cc90b3bdbf2d7b9b The OpenSSF Package Analysis project identified 'systemd-daemon' @ 0.0.1 rubygems as malicious. It is considered malicious because: - The packag...

AI score 6.9
Exploits 0
Hacker One
added 2023/07/17 5:09 a.m. | 82 views

Internet Bug Bounty: CVE-2023-36617: ReDoS vulnerability in URI (Ruby)

A ReDoS vulnerability was discovered in the URI component of the Ruby uri gem versions 0.12.1 and earlier. The vulnerability allowed for the mishandling of invalid URLs with specific characters, resulting in an increase in execution time for parsing strings to URI objects. This issue was a result...

CVSS 5.3 | AI score 7.2 | EPSS 0.00906
Exploits 0
Hacker One
added 2023/07/17 4:50 a.m. | 73 views

Internet Bug Bounty: [CVE-2023-27531] Possible Deserialization of Untrusted Data vulnerability in Kredis JSON

A deserialization vulnerability was discovered in the Kredis JSON deserialization code, allowing for the potential deserialization of untrusted data. This could result in unexpected objects being deserialized in the system. The vulnerability has been assigned the CVE identifier CVE-2023-27531...

CVSS 5.3 | AI score 5.2 | EPSS 0.00095
Exploits 0
OpenVAS
added 2023/07/17 12:00 a.m. | 21 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2023-2366)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.3 | AI score 6.1 | EPSS 0.00312
Exploits 0 | References 2
OpenVAS
added 2023/07/17 12:00 a.m. | 25 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2023-2392)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.3 | AI score 6.1 | EPSS 0.00312
Exploits 0 | References 2
OSSF Malicious Packages
added 2023/07/16 1:00 p.m. | 2 views

Malicious code in naveen4gem (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5f434b9b8cbf657627010562fe56245ba16cc930cdd82258625fd29bab68205c The OpenSSF Package Analysis project identified 'naveen4gem' @ 1.1.0 rubygems as malicious. It is considered malicious because: - The package...

AI score 6.9
Exploits 0
OSV
added 2023/07/15 11:05 a.m. | 1 view

OESA-2023-1427 ruby security update

Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text files and performing system management tasks, much like Perl. Security Fixes: A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser...

CVSS 5.3 | AI score 7 | EPSS 0.00906
Exploits 0 | References 2