2167 matches found
RHEL 6 / 7 : rh-ror42-rubygem-actionpack (RHSA-2019:1149)
The remote Red Hat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1149 advisory. Ruby on Rails is a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the vi...
RHEL 6 / 7 : rh-ror42-rubygem-sprockets (RHSA-2018:2244)
The remote Red Hat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2244 advisory. Sprockets is a Ruby library for compiling and serving web assets. It features declarative dependency management for JavaScript and CSS assets, as...
SUSE: Security Advisory (SUSE-SU-2024:3873-1)
The remote host is missing an update for the...
SUSE SLES15 Security Update : rubygem-actionpack-5_1 (SUSE-SU-2024:3877-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3877-1 advisory. - CVE-2024-47887: Fixed Possible ReDoS vulnerability in HTTP Token authentication in Action Controller (bsc#1231729). - CVE-2024-42228: Fixed...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : rubygem-bundler (SUSE-SU-2024:3873-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3873-1 advisory. - CVE-2021-43809: Fixed remote execution via Gemfile argument injection (bsc#1193578). Tenable has extracted...
SUSE SLES15 Security Update : rubygem-actionmailer-5_1 (SUSE-SU-2024:3878-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:3878-1 advisory. - CVE-2024-47889: Fixed Possible ReDoS vulnerability in block_format in Action Mailer (bsc#1231723). Tenable has extracted the preceding description block...
Security update for rubygem-actionmailer-5_1
This update for rubygem-actionmailer-5_1 fixes the following issues: CVE-2024-47889: Fixed Possible ReDoS vulnerability in block_format in Action Mailer (bsc#1231723). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...
SUSE-SU-2024:3878-1 Security update for rubygem-actionmailer-5_1
This update for rubygem-actionmailer-5_1 fixes the following issues: - CVE-2024-47889: Fixed Possible ReDoS vulnerability in block_format in Action Mailer (bsc#1231723)...
SUSE-SU-2024:3877-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2024-47887: Fixed Possible ReDoS vulnerability in HTTP Token authentication in Action Controller (bsc#1231729). - CVE-2024-42228: Fixed uninitialized value size when calling amdgpu_vce_cs_reloc (bsc#1228667)...
Security update for rubygem-bundler
This update for rubygem-bundler fixes the following issues: CVE-2021-43809: Fixed remote execution via Gemfile argument injection (bsc#1193578). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you ca...
SUSE-SU-2024:3873-1 Security update for rubygem-bundler
This update for rubygem-bundler fixes the following issues: - CVE-2021-43809: Fixed remote execution via Gemfile argument injection (bsc#1193578)...
SUSE SLES15 / openSUSE 15 Security Update : rubygem-puma (SUSE-SU-2024:3644-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3644-1 advisory. - CVE-2024-45614: Prevent underscores from clobbering hyphen headers (bsc#1230848). - CVE-2024-21647: Fixed DoS when parsing chunked...
openSUSE Security Advisory (SUSE-SU-2024:3644-1)
The remote host is missing an update for the...
Security update for rubygem-puma
This update for rubygem-puma fixes the following issues: CVE-2024-45614: Prevent underscores from clobbering hyphen headers (bsc#1230848). CVE-2024-21647: Fixed DoS when parsing chunked Transfer-Encoding bodies (bsc#1218638). Patch Instructions: To install this SUSE update use the SUSE recommended...
SUSE-SU-2024:3644-1 Security update for rubygem-puma
This update for rubygem-puma fixes the following issues: - CVE-2024-45614: Prevent underscores from clobbering hyphen headers (bsc#1230848). - CVE-2024-21647: Fixed DoS when parsing chunked Transfer-Encoding bodies (bsc#1218638)...
CVE-2024-47889
A flaw was found in the rubygem actionmailer. Carefully crafted text can cause the block_format helper to take an unexpected amount of time, possibly resulting in a denial of service. Mitigation: Users can avoid calling the block_format helper or upgrade to Ruby 3.2...
CVE-2024-41128
A flaw was found in rubygem actionpack. Carefully crafted query parameters can cause query parameter filtering to take an unexpected amount of time, possibly resulting in a denial of service...
CVE-2024-39908 affecting package rubygem-rexml for versions less than 3.3.4-1
CVE-2024-39908 affecting package rubygem-rexml for versions less than 3.3.4-1. An upgraded version of the package is available that resolves this issue...
CBL Mariner 2.0 Security Update: ruby / rubygem-rexml (CVE-2024-41946)
The version of ruby / rubygem-rexml installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-41946 advisory. - REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses a...
CVE-2024-41946 affecting package rubygem-rexml for versions less than 3.2.7-2
CVE-2024-41946 affecting package rubygem-rexml for versions less than 3.2.7-2. A patched version of the package is available...