2168 matches found
CVE-2020-7019 affecting package rubygem-elasticsearch 7.6.0-1
CVE-2020-7019 affecting package rubygem-elasticsearch 7.6.0-1. An upgraded version of the package is available that resolves this issue...
Debian DLA-3023-1 : puma - LTS security update
The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3023 advisory. Several security vulnerabilities have been discovered in puma, a web server for Ruby/Rack applications. These flaws may lead to information leakage due to not alwa...
CVE-2022-29181
A flaw was found in the rubygem-nokogiri package. This flaw allows malicious users to change partial contents or configurations on the system. Additionally, this vulnerability can also cause a limited denial of service in the form of interruptions in resource availability. Mitigation: To avoid thi...
Fedora: Security Advisory for rubygem-nokogiri (FEDORA-2022-0071328464)
The remote host is missing an update for the...
SUSE-SU-2022:1729-1 Security update for ardana-barbican, grafana, openstack-barbican, openstack-cinder, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-ironic, openstack-keystone, openstack-neutron-gbp, python-lxml, release-notes-suse-openstack-cloud
This update for ardana-barbican, grafana, openstack-barbican, openstack-cinder, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-ironic, openstack-keystone, openstack-neutron-gbp, python-lxml, release-notes-suse-openstack-cloud fixes the following issues: Security fixes included on...
new packages: rubygem-pg
An update is available for rubygem-pg. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
new packages: rubygem-mysql2
An update is available for rubygem-mysql2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
openSUSE: Security Advisory for rubygem-puma (SUSE-SU-2022:1515-1)
The remote host is missing an update for the...
CVE-2022-24795 affecting package rubygem-yajl-ruby 1.4.1-1
CVE-2022-24795 affecting package rubygem-yajl-ruby 1.4.1-1. An upgraded version of the package is available that resolves this issue...
Fedora: Security Advisory for rubygem-nokogiri (FEDORA-2022-d231cb5e1f)
The remote host is missing an update for the...
[SECURITY] Fedora 36 Update: rubygem-nokogiri-1.13.4-1.fc36
Nokogiri parses and searches XML/HTML very quickly, and also has correctly implemented CSS3 selector support as well as XPath support. Nokogiri also features an Hpricot compatibility layer to help ease the change to using correct CSS and XPath...
GHSA-33VG-HPX5-PFXG omniauth-facebook Improper Authentication vulnerability
RubyGem omniauth-facebook has an access token security vulnerability...
omniauth-facebook Improper Authentication vulnerability
RubyGem omniauth-facebook has an access token security vulnerability...
GHSA-77XQ-7C6P-6XP6 RubyGem openshift-origin-controller is vulnerable to command injection
rubygem-openshift-origin-controller: API can be used to create applications via cartridgecache.rb URI.parse to perform command injection...
RubyGem openshift-origin-controller is vulnerable to command injection
rubygem-openshift-origin-controller: API can be used to create applications via cartridgecache.rb URI.parse to perform command injection...
SUSE SLES15 Security Update : rubygem-puma (SUSE-SU-2022:1515-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1515-1 advisory. Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only...
SUSE-SU-2022:1515-1 Security update for rubygem-puma
This update for rubygem-puma fixes the following issues: rubygem-puma was updated to version 4.3.11: CVE-2021-29509: Adjusted an incomplete fix for allows Denial of Service (DoS) (bsc1188527); CVE-2021-41136: Fixed request smuggling if HTTP header value contains the LF character (bsc1191681)...
CVE-2022-27777
A flaw was found in rubygem-actionview when untrusted data, such as the hash key for tag attributes, is not properly escaped. This flaw allows an attacker to perform a Cross-site scripting attack...
CVE-2022-22577
A flaw was found in rubygem-actionpack where CSP headers were sent with responses that Rails considered "HTML" responses. This flaw allows an attacker to leave API requests without CSP headers and perform a Cross-site scripting attack...