openSUSE: Security Advisory for rubygem-actionview-5_1 (openSUSE-SU-2020:0627-1)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE SLED15 / SLES15 Security Update : rubygem-actionview-5_1 (SUSE-SU-2020:1178-1)
This update for rubygem-actionview-5_1 fixes the following issues : CVE-2020-5267: Fixed an XSS vulnerability in ActionView's JavaScript literal escape helpers (bsc#1167240). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory...
openSUSE Security Update : rubygem-actionview-5_1 (openSUSE-2020-627)
This update for rubygem-actionview-5_1 fixes the following issues : - CVE-2020-5267: Fixed an XSS vulnerability in ActionView's JavaScript literal escape helpers (bsc#1167240). This update was imported from the SUSE:SLE-15:Update update project. (C) Tenable Network Security, Inc. The descriptive text a...
Security update for rubygem-actionview-5_1 (moderate)
openSUSE Security Update: Security update for rubygem-actionview-5_1 Announcement ID: openSUSE-SU-2020:0627-1 Rating: moderate References: 1167240 Cross-References: CVE-2020-5267 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update...
OPENSUSE-SU-2020:0627-1 Security update for rubygem-actionview-5_1
This update for rubygem-actionview-5_1 fixes the following issues: - CVE-2020-5267: Fixed an XSS vulnerability in ActionView's JavaScript literal escape helpers (bsc#1167240). This update was imported from the SUSE:SLE-15:Update update project...
Fedora: Security Advisory for rubygem-json (FEDORA-2020-d171bf636d)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for rubygem-json (FEDORA-2020-26df92331a)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE-SU-2020:1178-1 Security update for rubygem-actionview-5_1
This update for rubygem-actionview-5_1 fixes the following issues: - CVE-2020-5267: Fixed an XSS vulnerability in ActionView's JavaScript literal escape helpers (bsc#1167240)...
CVE-2020-5267
A flaw was found in rubygem-actionview. Views that use the j or escape_javascript methods may be susceptible to XSS attacks with ActionView's JavaScript literal escape helpers. The highest threat from this vulnerability is to data confidentiality and integrity...
CVE-2019-16770
A flaw was found in rubygem-puma. A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacke...
Fedora 31 : rubygem-json (2020-26df92331a)
A security flaw was found on rubygem-json prior to 2.3.0 which was now assigned as CVE-2020-10663. This new rpm contains backport fixes for this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has...
Fedora 30 : rubygem-json (2020-d171bf636d)
A security flaw was found on rubygem-json prior to 2.3.0 which was now assigned as CVE-2020-10663. This new rpm contains backport fixes for this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has...
Fedora: Security Advisory for rubygem-rake (FEDORA-2020-dc1ae17bb5)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for rubygem-rake (FEDORA-2020-28e06b5f08)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2020-11020
Faye NPM, RubyGem versions greater than 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5, has the potential for authentication bypass in the extension system. The vulnerability allows any client to bypass checks put in place by server-side extensions, by appending extra segments to the message channel. It...
Authentication flaw
Faye NPM, RubyGem versions greater than 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5, has the potential for authentication bypass in the extension system. The vulnerability allows any client to bypass checks put in place by server-side extensions, by appending extra segments to the message channel. It...
CVE-2020-11020
Faye NPM, RubyGem versions greater than 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5, has the potential for authentication bypass in the extension system. The vulnerability allows any client to bypass checks put in place by server-side extensions, by appending extra segments to the message channel. It...
CVE-2020-11020 Authentication and extension bypass in Faye
Faye NPM, RubyGem versions greater than 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5, has the potential for authentication bypass in the extension system. The vulnerability allows any client to bypass checks put in place by server-side extensions, by appending extra segments to the message channel. It...
CVE-2020-11020
Faye (NPM, RubyGem) up to versions before 1.0.4, 1.1.3, and 1.2.5 and older than 0.5.0 are vulnerable to an authentication bypass in the extension system. The issue allows a client to bypass server-side extension checks by appending extra segments to the message channel (e.g., through meta channe...
BSON rubygem contains potential denial of service
The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410...