Oracle Linux 9 : pcs (ELSA-2025-20962)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-20962 advisory. - Fixed CVE-2025-59830, CVE-2025-61770, CVE-2025-61771, CVE-2025-61772, CVE-2025-61919 by updating bundled rubygem rack Resolves: RHEL-120945,...
openSUSE Security Advisory (SUSE-SU-2025:4273-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Security update for rubygem-rack
This update for rubygem-rack fixes the following issues: Update to version 2.2.20 (bsc#1251936). CVE-2025-61919: Fixed application/x-www-form-urlencoded, calling rack.input.read(nil) without enforcing a length or cap (bsc#1251936). CVE-2025-61780: Fixed improper handling of headers in Rack::Sendfile allows...
RockyLinux 9 : pcs (RLSA-2025:20962)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:20962 advisory. rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters (CVE-2025-59830). rack: Rack's unbound...
AlmaLinux 8 : pcs (ALSA-2025:19719)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:19719 advisory. rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters (CVE-2025-59830). rack: Rack's unbounde...
TencentOS Server 3: pcs (TSSA-2023:0091)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0091 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
[SECURITY] Fedora 41 Update: rubygem-rack-2.2.21-1.fc41
Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single...
Fedora 42 : rubygem-rack (2025-eae2126736)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-eae2126736 advisory. Update to Rack 2.2.21. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Fedora 43 : rubygem-rack (2025-b6e0f437b6)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-b6e0f437b6 advisory. Update to Rack 3.1.19. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Fedora 41 : rubygem-rack (2025-a35addbf9b)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-a35addbf9b advisory. Update to Rack 2.2.21. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Photon OS 4.0: Rubygem PHSA-2025-4.0-0903
An update of the rubygem package has been released. #%NASL_MIN_LEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0903. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description)...
Critical Photon OS Security Update - PHSA-2025-4.0-0903
Updates of 'lasso', 'polkit', 'curl', 'rubygem-yajl-ruby' packages of Photon OS have been released...
CVE-2025-12790
A flaw was found in Rubygem MQTT. By default, the package used to not have hostname validation, resulting in possible Man-in-the-Middle (MITM) attack...
CVE-2025-12790
Rubygem MQTT is affected by CVE-2025-12790 due to lack of hostname validation in the MQTT library, enabling potential MITM attacks. The issue is described across multiple connected sources as a vulnerability in the Rubygem MQTT package where hostname verification is not performed by default, allo...
CVE-2025-12790 Rubygem-mqtt: rubygem-mqtt hostname validation
A flaw was found in Rubygem MQTT. By default, the package used to not have hostname validation, resulting in possible Man-in-the-Middle (MITM) attack...
CVE-2025-12790
A flaw was found in Rubygem MQTT. By default, the package used to not have hostname validation, resulting in possible Man-in-the-Middle (MITM) attack. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria...
PT-2025-45377
Name of the Vulnerable Software and Affected Versions: Rubygem MQTT (affected versions not specified). Description: The Rubygem MQTT package did not have hostname validation enabled by default, which could allow for a Man-in-the-Middle (MITM) attack. This means a malicious actor could potentially...
MQTT does not validate hostnames
A flaw was found in Rubygem MQTT. By default, the package used to not have hostname validation, resulting in possible Man-in-the-Middle (MITM) attack...