rubygem-activerecord SQL Injection Vulnerability
rubygem-activerecord is an open-source application from RubyGems. A security vulnerability exists in rubygem-activerecord. An attacker can exploit the vulnerability to perform SQL injection attacks...
actionpack Security Vulnerability
actionpack is a simple, time-tested convention for building and testing MVC web applications. It works on any Rack-compatible server. A security vulnerability exists in rubygem-actionpack. An attacker can exploit the vulnerability to perform a denial-of-service attack...
rubygem-rack Resource Management Error Vulnerability
rubygem-rack is an open-source application from RubyGems. rubygem-rack has a security vulnerability that stems from a denial of service in Content-Disposition parsing...
openSUSE 15 Security Update : rubygem-activerecord-5.2 (openSUSE-SU-2023:0009-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2023:0009-1 advisory. - A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record 7.0.3.1, 6.1.6.1, 6.0.5.1 and 5.2.8.1 which...
OPENSUSE-SU-2023:0009-1 Security update for rubygem-activerecord-5.2
This update for rubygem-activerecord-5.2 fixes the following issues: - CVE-2022-32224: Fixed possible remote code execution when using YAML serialized columns in Active Record boo1201465...
Fedora 36 : rubygem-pdfkit (2022-3ec8272e72)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-3ec8272e72 advisory. Update to 0.8.7. This new release fixes CVE-2022-25765. Tenable has extracted the preceding description block directly from the Fedora security advisory. Not...
Fedora 36 : rubygem-nokogiri (2022-acff3f54b2)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-acff3f54b2 advisory. A potential bug was found on nokogiri on or before 1.13.9 overlooked some return values from functions used internally. This can lead to raise some illegal...
Fedora 35 : rubygem-pdfkit (2022-6da143f1a2)
The remote Fedora 35 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-6da143f1a2 advisory. Update to 0.8.7. This new release fixes CVE-2022-25765. Tenable has extracted the preceding description block directly from the Fedora security advisory. Not...
Fedora: Security Advisory for rubygem-nokogiri (FEDORA-2022-b5c325caad)
The remote host is missing an update for the...
Fedora: Security Advisory for rubygem-nokogiri (FEDORA-2022-acff3f54b2)
The remote host is missing an update for the...
CVE-2022-23517
An inefficient Regular Expression vulnerability was found in rubygem rails-html-sanitizer. Certain configurations are susceptible to excessive backtracking, leading to a denial of service through CPU resource consumption...
CVE-2022-23476
A denial of service flaw was found in rubygem-nokogiri. When parsing invalid markup, a NULL pointer exception may occur, which is a potential vector for a denial of service attack...
CVE-2022-23515
A Cross-site scripting vulnerability was found in rubygem loofah. While neutralizing certain data URIs, loofah is susceptible to Cross-site scripting attacks...
CVE-2022-23516
An uncontrolled recursion vulnerability was found in rubygem loofah. While sanitizing certain sections, loofah is susceptible to stack exhaustion, which can result in a denial of service through CPU resource consumption...
CVE-2022-23514
An inefficient regular expression vulnerability was found in rubygem loofah. While sanitizing certain SVG attributes, loofah is susceptible to excessive backtracking, which can result in a denial of service through CPU resource consumption...
Amazon Linux AMI : rubygem-nokogiri (ALAS-2022-1648)
It is, therefore, affected by a vulnerability as referenced in the ALAS-2022-1648 advisory. A flaw was found in the rubygem-nokogiri package. This flaw allows malicious users to change partial contents or configurations on the system. Additionally, this vulnerability can also cause a limited deni...
SUSE-SU-2022:15116-1 Security update for rubygem-actionpack-3_2
This update for rubygem-actionpack-32 fixes the following issues: - CVE-2021-22885: Fixed Possible Information Disclosure / Unintended Method Execution in Action Pack bsc1185715. - CVE-2016-2097: Fixed Possible Information Leak Vulnerability in Action View bsc968850...
Important: rubygem-nokogiri
Issue Overview: A flaw was found in the rubygem-nokogiri package. This flaw allows malicious users to change partial contents or configurations on the system. Additionally, this vulnerability can also cause a limited denial of service in the form of interruptions in resource availability...
FreeBSD : rubygem-cgi -- HTTP response splitting vulnerability (84ab03b6-6c20-11ed-b519-080027f5fec9)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 84ab03b6-6c20-11ed-b519-080027f5fec9 advisory. - The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response...
pcs security update
0.11.3-4 - Fixed ruby socket permissions - Resolves: rhbz2116841 0.11.3-3 - Fixed booth ticket mode value case insensitive - Fixed booth sync check whether /etc/booth exists - Resolves: rhbz2026725 rhbz2058243 0.11.3-2 - Fixed 'pcs resource restart' traceback - Resolves: rhbz2102663 0.11.3-1 -...