OPENSUSE-SU-2025:14876-1 ruby3.4-rubygem-rack-2.2-2.2.13-1.1 on GA media
These are all security issues fixed in the ruby3.4-rubygem-rack-2.2-2.2.13-1.1 package on the GA media of openSUSE Tumbleweed...
Photon OS 5.0: Rubygem PHSA-2025-5.0-0485
An update of the rubygem package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0485. The text itself is copyright (C) VMware, Inc.
Photon OS 4.0: Rubygem PHSA-2025-4.0-0765
An update of the rubygem package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0765. The text itself is copyright (C) VMware, Inc.
Critical Photon OS Security Update - PHSA-2025-4.0-0765
Updates of 'libxml2', 'rubygem-activesupport', 'gettext' packages of Photon OS have been released...
CVE-2025-27111
A flaw was found in Rack Rubygem, where the Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. This flaw allows an attacker to inject escape sequences, such as newline characters, into the header, resulting in log injection. Mitigation: To mitigate this...
Linux Distros Unpatched Vulnerability : CVE-2021-32823
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in...
Linux Distros Unpatched Vulnerability : CVE-2018-1000076
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier,...
CVE-2024-39908 affecting package rubygem-rexml for versions less than 3.2.7-4
CVE-2024-39908 affecting package rubygem-rexml for versions less than 3.2.7-4. A patched version of the package is available...
Azure Linux 3.0 Security Update: ruby / rubygem-rexml (CVE-2024-39908)
The version of ruby / rubygem-rexml installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-39908 advisory. - REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when...
openSUSE Security Advisory (SUSE-SU-2024:0103-1)
The remote host is missing an update for the...
OPENSUSE-SU-2025:14821-1 ruby3.4-rubygem-grpc-1.70.1-1.1 on GA media
These are all security issues fixed in the ruby3.4-rubygem-grpc-1.70.1-1.1 package on the GA media of openSUSE Tumbleweed...
ruby3.4-rubygem-rack-2.2-2.2.11-1.1 on GA media (moderate)
ruby3.4-rubygem-rack-2.2-2.2.11-1.1 on GA media Announcement ID: openSUSE-SU-2025:14811-1 Rating: moderate Cross-References: CVE-2013-0262 CVE-2013-0263 CVE-2015-3225 CVE-2018-16471 CVE-2019-16782 CVE-2020-8184 CVE-2022-30122 CVE-2022-30123 CVE-2022-44570 CVE-2022-44571 CVE-2022-44572...
Azure Linux 3.0 Security Update: rubygem-yajl-ruby (CVE-2022-24795)
The version of rubygem-yajl-ruby installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-24795 advisory. - yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the...
BIT-RUBY-MIN-2020-5247 HTTP Response Splitting in Puma
In Puma RubyGem before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. CR, LF, or \r, \n) to end the header and inject malicious content, such as additional headers or an entirely new response body. This...
ruby3.4-rubygem-rails-8.0-8.0.1-1.1 on GA media (moderate)
ruby3.4-rubygem-rails-8.0-8.0.1-1.1 on GA media Announcement ID: openSUSE-SU-2025:14679-1 Rating: moderate Cross-References: CVE-2024-54133 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...
ruby3.4-rubygem-activestorage-8.0-8.0.1-1.1 on GA media (moderate)
ruby3.4-rubygem-activestorage-8.0-8.0.1-1.1 on GA media Announcement ID: openSUSE-SU-2025:14677-1 Rating: moderate Cross-References: CVE-2024-54133 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed...
CVE-2022-4904 affecting package rubygem-mini_portile2 2.8.0-1
CVE-2022-4904 affecting package rubygem-mini_portile2 2.8.0-1. This CVE either no longer is or was never applicable...
CVE-2021-41186 affecting package rubygem-fluentd 1.11.0-1
CVE-2021-41186 affecting package rubygem-fluentd 1.11.0-1. No patch is available currently...
openSUSE 15 Security Update : rubygem-json-jwt (openSUSE-SU-2025:0004-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:0004-1 advisory. - New upstream release 1.16.6, see bundled CHANGELOG.md - Remove padding oracle by @btoews in https://github.com/nov/json-jwt/pull/109 - Fixes...
openSUSE Security Advisory (openSUSE-SU-2025:0004-1)
The remote host is missing an update for the...