Lucene search

2166 matches found

Prion
added 2024/03/11 11:15 p.m. | 29 views

Cross site scripting

phlex is an open source framework for building object-oriented views in Ruby. There is a potential cross-site scripting XSS vulnerability that can be exploited via maliciously crafted user data. This was due to improper case-sensitivity in the code that was meant to prevent these attacks. If you...

5.8 CVSS | 6.4 AI score | 0.01541 EPSS
Exploits 0 | References 4
OSV
added 2024/03/11 10:50 p.m. | 7 views

CVE-2024-28199 Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex

phlex is an open source framework for building object-oriented views in Ruby. There is a potential cross-site scripting XSS vulnerability that can be exploited via maliciously crafted user data. This was due to improper case-sensitivity in the code that was meant to prevent these attacks. If you...

7.1 CVSS | 6.2 AI score | 0.01541 EPSS
Exploits 0 | References 6
CNNVD
added 2024/01/12 12:00 a.m. | 3 views

RubyGems Authorization Issues Vulnerability

RubyGems is a Ruby package manager from the RubyGems organization. The product is primarily used to distribute and manage Ruby packages. RubyGems has an authorization issue vulnerability that stems from allowing an attacker to bypass MFA requirements and take over an account...

9.8 CVSS | 6.9 AI score | 0.00129 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2023/11/06 12:00 a.m. | 28 views

Rocky Linux 8 : ruby:2.5 (RLSA-2019:1972)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2019:1972 advisory. - An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could...

8.8 CVSS | 7.7 AI score | 0.00501 EPSS
Exploits 0 | References 3
IBM Security Bulletins
added 2023/11/01 10:38 a.m. | 77 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.6.3 fixes multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.6.3 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID: CVE-2023-35887 DESCRIPTION: Apache MINA SSHD could allow a remote authenticated attacker to obtain sensitive information, caused by improper...

9.8 CVSS | 10 AI score | 0.64352 EPSS
Exploits 15 | Affected Software 1
OSV
added 2023/10/10 3:47 p.m. | 12 views

MAL-2023-8322 Malicious code in investing_parameters (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3fa4a6c4b0b94b2b009c0377390aeee029c2d9024af134c4697f3c8cdfb1f916 The OpenSSF Package Analysis project identified 'investing_parameters' @ 1.2.1 rubygems as malicious. It is considered malicious because: - The...

7.1 AI score
Exploits 0
Tenable Nessus
added 2023/09/07 12:00 a.m. | 32 views

Oracle Linux 7 : ruby (ELSA-2019-2028)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2028 advisory. - Introduce 'Gem::UserInteractionverbose' method as precondition to fix CVE-2019-8321. rubygems-2.3.0-refactor-checking-reallyverbose.patch - Fix escap...

9.8 CVSS | 7.5 AI score | 0.03126 EPSS
Exploits 0 | References 15
OSV
added 2023/08/17 5:06 p.m. | 17 views

CVE-2023-40165 Unauthorized gem replacement for full names ending in numbers on rubygems.org

rubygems.org is the Ruby community's primary gem library hosting service. Insufficient input validation allowed malicious actors to replace any uploaded gem version that had a platform, version number, or gem name matching /-\d/, permanently replacing the legitimate upload in the canonical gem...

7.4 CVSS | 7.3 AI score | 0.00137 EPSS
Exploits 0 | References 4
CVE
added 2023/08/17 5:06 p.m. | 2481 views

CVE-2023-40165

The CVE-2023-40165 entry concerns RubyGems.org, the Ruby community gem hosting service. The vulnerability arose from insufficient input validation that allowed replacement of uploaded gems whose platform, version, or gem name matched “/-\d/,” enabling a malicious upload to temporarily override a ...

7.5 CVSS | 7.3 AI score | 0.00137 EPSS
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2023/08/17 5:06 p.m. | 10 views

CVE-2023-40165 Unauthorized gem replacement for full names ending in numbers on rubygems.org

rubygems.org is the Ruby community's primary gem library hosting service. Insufficient input validation allowed malicious actors to replace any uploaded gem version that had a platform, version number, or gem name matching /-\d/, permanently replacing the legitimate upload in the canonical gem...

7.4 CVSS | 7.5 AI score | 0.00137 EPSS
Exploits 0 | References 2
CNNVD
added 2023/08/17 12:00 a.m. | 2 views

RubyGems Input Validation Error Vulnerability

RubyGems is a Ruby package manager from the RubyGems organization. The product is primarily used to distribute and manage Ruby packages. RubyGems suffers from an input validation error vulnerability that stems from insufficient input validation and allows malicious actors to replace files...

7.5 CVSS | 7.3 AI score | 0.00137 EPSS
Exploits 0 | References 3
OSV
added 2023/08/10 3:30 p.m. | 11 views

MAL-2023-1436 Malicious code in puppet-module-posix-system-r3.2 (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 835ce606cd37fa823a80a445ab30dce0ec0005af3a78f9ed7a8d35d63db99474 The OpenSSF Package Analysis project identified 'puppet-module-posix-system-r3.2' @ 1.0.0 rubygems as malicious. It is considered malicious...

7.1 AI score
Exploits 0
OSSF Malicious Packages
added 2023/08/10 3:30 p.m. | 3 views

Malicious code in puppet-module-posix-system-r3.2 (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 835ce606cd37fa823a80a445ab30dce0ec0005af3a78f9ed7a8d35d63db99474 The OpenSSF Package Analysis project identified 'puppet-module-posix-system-r3.2' @ 1.0.0 rubygems as malicious. It is considered malicious...

6.9 AI score
Exploits 0
OSV
added 2023/08/09 5:50 p.m. | 10 views

MAL-2023-1433 Malicious code in puppet-module-posix-system-r (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2ad3a13f7c087320a9f4bf76203fd40172a2b55172dec3ac957ad4d265c01425 The OpenSSF Package Analysis project identified 'puppet-module-posix-system-r' @ 1.0.0 rubygems as malicious. It is considered malicious because...

7.1 AI score
Exploits 0
RedhatCVE
added 2023/07/20 7:44 p.m. | 28 views

CVE-2023-31606

The HTML sanitizer function in Rubygems' Redcloth incorrectly handles regular expression inputs. This issue could allow an attacker to send a malicious regexp to the server and cause a denial of service...

7.5 CVSS | 6.5 AI score | 0.00912 EPSS
Exploits 1 | References 3
Oracle linux
added 2023/07/20 12:00 a.m. | 34 views

pcs security update

0.11.4-7 - Fix displaying differences between configuration checkpoints in "pcs config checkpoint diff" command - Fix "pcs stonith update-scsi-devices" command which was broken since Pacemaker-2.1.5-rc1 - Fixed loading of cluster status in the web interface when fencing levels are configured -...

9.8 CVSS | 7.1 AI score | 0.01982 EPSS
Exploits 0
OSV
added 2023/07/19 6:30 a.m. | 13 views

MAL-2023-1426 Malicious code in google-apis-androidpublisher_v2 (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 715b9e91530380e15e848bc0374f342584cdd61853308582683eb214e0da9927 The OpenSSF Package Analysis project identified 'google-apis-androidpublisher_v2' @ 0.0 rubygems as malicious. It is considered malicious because...

7.1 AI score
Exploits 0
OSV
added 2023/07/17 6:15 a.m. | 5 views

MAL-2023-1434 Malicious code in systemd-daemon (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 41aacbd733d26afad7933e31f87d51fa0d748969082bd229cc90b3bdbf2d7b9b The OpenSSF Package Analysis project identified 'systemd-daemon' @ 0.0.1 rubygems as malicious. It is considered malicious because: - The packag...

7.1 AI score
Exploits 0
OSV
added 2023/07/16 1:00 p.m. | 10 views

MAL-2023-1430 Malicious code in naveen4gem (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5f434b9b8cbf657627010562fe56245ba16cc930cdd82258625fd29bab68205c The OpenSSF Package Analysis project identified 'naveen4gem' @ 1.1.0 rubygems as malicious. It is considered malicious because: - The package...

7.1 AI score
Exploits 0
OSV
added 2023/07/15 9:45 a.m. | 9 views

MAL-2023-1431 Malicious code in naveengem (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 12a3ed7380fdb815c2f8c5a086b33d516acc0bbdaab4d4df8203efed20ae348b The OpenSSF Package Analysis project identified 'naveengem' @ 0.1.0 rubygems as malicious. It is considered malicious because: - The package...

7.1 AI score
Exploits 0