2167 matches found
Important: Red Hat Security Advisory: pcs security update
An update for pcs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...
pcs security update
0.10.18-2.0.1.el810.5 - Replace HAM-logo.png with a generic one 0.10.18-2.el810.5 - Fixed CVE-2024-52804 by patching bundled Tornado Resolves: RHEL-93167 - Fixed CVE-2025-46727 by updating bundled rubygem rack Resolves: RHEL-90147...
RHEL 9 : pcs (RHSA-2025:8256)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8256 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rubygem-rack:...
CVE-2021-21288
CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF vulnerability, allowing attackers to provide DNS entries or IP addresses that are intended for...
CVE-2021-32823
In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in BinData to be created. For example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002, BinData::Bit<N>. In combination with...
CVE-2013-4593
RubyGem omniauth-facebook has an access token security vulnerability...
Photon OS 4.0: Rubygem PHSA-2025-4.0-0804
An update of the rubygem package has been released.
openSUSE Security Advisory (SUSE-SU-2025:01586-1)
The remote host is missing an update for the...
SUSE SLES15 / openSUSE 15 Security Update : rubygem-rack (SUSE-SU-2025:01586-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:01586-1 advisory. - CVE-2025-46727: possible memory exhaustion due to unbounded parameter parsing in Rack::QueryParser (bsc#1242894). - CVE-2025-3244...
Critical Photon OS Security Update - PHSA-2025-4.0-0804
Updates of 'dotnet-runtime', 'rubygem-jmespath', 'rubygem-kubeclient', 'dotnet-sdk' packages of Photon OS have been released...
SUSE-SU-2025:01586-1 Security update for rubygem-rack
This update for rubygem-rack fixes the following issues: - CVE-2025-46727: possible memory exhaustion due to unbounded parameter parsing in Rack::QueryParser (bsc#1242894). - CVE-2025-32441: deleted sessions can be restored and occupied by unauthenticated users when the Rack::Session::Pool middlewar...
ruby3.4-rubygem-rails-html-sanitizer-1.6.0-1.7 on GA media (moderate)
ruby3.4-rubygem-rails-html-sanitizer-1.6.0-1.7 on GA media Announcement ID: openSUSE-SU-2025:15125-1 Rating: moderate Cross-References: CVE-2015-7578 CVE-2015-7579 CVE-2015-7580 CVE-2018-3741 CVE-2022-23517 CVE-2022-23518 CVE-2022-23519 CVE-2022-23520 CVE-2022-32209 CVSS scores: CVE-2018-3741 SUS...
ruby3.4-rubygem-sprockets-4.2.1-1.7 on GA media (moderate)
ruby3.4-rubygem-sprockets-4.2.1-1.7 on GA media Announcement ID: openSUSE-SU-2025:15127-1 Rating: moderate Cross-References: CVE-2018-3760 CVSS scores: CVE-2018-3760 (SUSE): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: openSUSE Tumbleweed An update that solves one...
ruby3.4-rubygem-actiontext-7.0-7.0.8.6-1.3 on GA media (moderate)
ruby3.4-rubygem-actiontext-7.0-7.0.8.6-1.3 on GA media Announcement ID: openSUSE-SU-2025:15111-1 Rating: moderate Cross-References: CVE-2024-34341 CVE-2024-47888 Affected Products: openSUSE Tumbleweed An update that solves 2 vulnerabilities can now be installed. Description: These are all securit...
OPENSUSE-SU-2025:15119-1 ruby3.4-rubygem-kramdown-2.4.0-1.15 on GA media
These are all security issues fixed in the ruby3.4-rubygem-kramdown-2.4.0-1.15 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15122-1 ruby3.4-rubygem-multi_xml-0.6.0-1.29 on GA media
These are all security issues fixed in the ruby3.4-rubygem-multi_xml-0.6.0-1.29 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15127-1 ruby3.4-rubygem-sprockets-4.2.1-1.7 on GA media
These are all security issues fixed in the ruby3.4-rubygem-sprockets-4.2.1-1.7 package on the GA media of openSUSE Tumbleweed...
rubygem-rack: Possible Log Injection in Rack::CommonLogger
A flaw was found in the rubygem-rack package. When a user provides the authorization credentials via Rack::Auth::Basic, if successful, the username is placed in env['REMOTE_USER'] and later used by Rack::CommonLogger for logging purposes. The issue occurs when a server intentionally or unintentional...
openSUSE Security Advisory (SUSE-SU-2025:1492-1)
The remote host is missing an update for the...
openSUSE 15 Security Update : rubygem-rack-1_6 (SUSE-SU-2025:1492-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1492-1 advisory. - CVE-2025-27111: Fixed Escape Sequence Injection vulnerability (bsc#1238607) Tenable has extracted the preceding description block directly from the SUSE...