AZL-11396 CVE-2022-39379 affecting package rubygem-fluentd for versions less than 1.14.6-2
Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads...
SUSE SLES12 Security Update : rubygem-puppet (SUSE-SU-2022:3794-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3794-1 advisory. - A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a...
rubygem-tzinfo: arbitrary code execution
A flaw was found in rubygem-tzinfo. When using the Timezone.get function, it fails to validate time zone identifiers correctly, allowing a new line character input within the identifier. This flaw allows an attacker to use the new line character and write any code, which will be executed within t...
SUSE-SU-2022:3621-1 Security update for rubygem-activesupport-5_1
This update for rubygem-activesupport-5_1 fixes the following issues: - CVE-2022-27777: Fixed cross-site scripting vulnerability in Action View tag helper (bsc#1199060)...
SUSE SLES15 Security Update : rubygem-puma (SUSE-SU-2022:3571-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:3571-1 advisory. - Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not...
SUSE-SU-2022:3571-1 Security update for rubygem-puma
This update for rubygem-puma fixes the following issues: Updated to version 4.3.12: - CVE-2022-24790: Fixed HTTP request smuggling if proxy is not RFC7230 compliant (bsc#1197818)...
Fedora: Security Advisory for rubygem-pdfkit (FEDORA-2022-6da143f1a2)
The remote host is missing an update for the...
SQLite3 addresses vulnerability in packaged version of libsqlite
Summary The rubygem sqlite3 v1.5.1 upgrades the packaged version of libsqlite from v3.39.3 to v3.39.4. libsqlite v3.39.4 addresses a vulnerability described as follows in the release notification: Version 3.39.4 is a minimal patch against the prior release that addresses issues found since the...
GHSA-MGVV-5MXP-XQ67 SQLite3 addresses vulnerability in packaged version of libsqlite
Summary The rubygem sqlite3 v1.5.1 upgrades the packaged version of libsqlite from v3.39.3 to v3.39.4. libsqlite v3.39.4 addresses a vulnerability described as follows in the release notification: Version 3.39.4 is a minimal patch against the prior release that addresses issues found since the...
SUSE SLES15 Security Update : rubygem-rack (SUSE-SU-2022:3347-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3347-1 advisory. - A directory traversal vulnerability exists in rack 2.2.0 that allows an attacker to perform directory traversal in the...
SUSE-SU-2022:3347-1 Security update for rubygem-rack
This update for rubygem-rack fixes the following issues: - CVE-2020-8184: Fixed vulnerability where percent-encoded cookies can be used to overwrite existing prefixed cookie names (bsc#1173351). - CVE-2020-8161: Fixed directory traversal in Rack::Directory (bsc#1172037)...
SUSE-SU-2022:3339-1 Security update for ardana-ansible, ardana-cobbler, ardana-tempest, grafana, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-neutron-gbp, openstack-nova, python-Django1, rabbitmq-server, rubygem-puma
This update for ardana-ansible, ardana-cobbler, ardana-tempest, grafana, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-neutron-gbp, openstack-nova, python-Django1, rabbitmq-server, rubygem-puma fixes the following issues: Security fixes included in this update:...
SUSE-SU-2022:3338-1 Security update for ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates, openstack-murano, python-Django, rabbitmq-server, rubygem-puma
This update for ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates, openstack-murano, python-Django, rabbitmq-server, rubygem-puma fixes the following issues: Security updates included in this update: ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates,...
CVE-2022-24795 affecting package rubygem-yajl-ruby for versions less than 1.3.1-2
CVE-2022-24795 affecting package rubygem-yajl-ruby for versions less than 1.3.1-2. A patched version of the package is available...
SUSE SLES15 Security Update : rubygem-kramdown (SUSE-SU-2022:3259-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:3259-1 advisory. - The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read...
openSUSE: Security Advisory for rubygem-kramdown (SUSE-SU-2022:3259-1)
The remote host is missing an update for the...
Fedora: Security Advisory for rubygem-puma (FEDORA-2022-7c8b29195f)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2022:3212-1)
The remote host is missing an update for the...
SUSE-SU-2022:3212-1 Security update for rubygem-rake
This update for rubygem-rake fixes the following issues: - CVE-2020-8130: Fixed a command injection when supplying a filename that began with the pipe character (bsc#1164804)...
Fedora: Security Advisory for rubygem-puma (FEDORA-2022-de968d1b6c)
The remote host is missing an update for the...