
2168 matches found

Prion
added 2021/04/08 11:15 p.m., 13 views

Design/Logic Flaw

A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0. A credential leak was identified which will expose Azure Resource Manager's secret key through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity ...

6.5 CVSS, 6.4 AI score, 0.00317 EPSS
Exploits: 0, References: 1, Affected Software: 2
CVE
added 2021/04/08 10:6 p.m., 113 views

CVE-2021-3413

CVE-2021-3413 affects Red Hat Satellite’s tfm-rubygem-foreman_azure_rm: versions before 2.2.0 expose the Azure Resource Manager secret key via API output JSON, leading to potential information disclosure. Root cause: credential leakage in the API surface. Impact per sources: data confidentiality ...

6.5 CVSS, 6.3 AI score, 0.00317 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2021/04/08 10:6 p.m., 13 views

CVE-2021-3413

A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0. A credential leak was identified which will expose Azure Resource Manager's secret key through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity ...

6.7 AI score, 0.00317 EPSS
Exploits: 0, References: 1
OpenVAS
added 2021/03/31 12:0 a.m., 16 views

Fedora: Security Advisory for rubygem-kramdown (FEDORA-2021-4c57a892d1)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8 CVSS, 9.6 AI score, 0.0259 EPSS
Exploits: 1, References: 2
OpenVAS
added 2021/03/31 12:0 a.m., 15 views

Fedora: Security Advisory for rubygem-kramdown (FEDORA-2021-4c57a892d1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

9.8 CVSS, 9.6 AI score, 0.0259 EPSS
Exploits: 1, References: 2
OpenVAS
added 2021/03/31 12:0 a.m., 14 views

Fedora: Security Advisory for rubygem-kramdown (FEDORA-2021-edc673e864)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8 CVSS, 9.6 AI score, 0.0259 EPSS
Exploits: 1, References: 2
OpenVAS
added 2021/03/31 12:0 a.m., 13 views

Fedora: Security Advisory for rubygem-kramdown (FEDORA-2021-edc673e864)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

9.8 CVSS, 9.6 AI score, 0.0259 EPSS
Exploits: 1, References: 2
Fedora
added 2021/03/30 2:30 p.m., 39 views

[SECURITY] Fedora 32 Update: rubygem-kramdown-2.1.0-5.fc32

kramdown is yet-another-markdown-parser but fast, pure Ruby, using a strict syntax definition and supporting several common extensions...

9.8 CVSS, 1.5 AI score, 0.0259 EPSS
Exploits: 1
Tenable Nessus
added 2021/03/30 12:0 a.m., 26 views

Fedora 33 : rubygem-kramdown (2021-4c57a892d1)

The remote Fedora 33 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2021-4c57a892d1 advisory. - Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated. (CVE-2021-28834)...

9.8 CVSS, 8.4 AI score, 0.0259 EPSS
Exploits: 1, References: 2
Tenable Nessus
added 2021/03/30 12:0 a.m., 30 views

Fedora 32 : rubygem-kramdown (2021-edc673e864)

The remote Fedora 32 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2021-edc673e864 advisory. - Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated. (CVE-2021-28834)...

9.8 CVSS, 8.4 AI score, 0.0259 EPSS
Exploits: 1, References: 2
OpenVAS
added 2021/03/27 12:0 a.m., 12 views

Fedora: Security Advisory for rubygem-kramdown (FEDORA-2021-139a6a2f9d)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8 CVSS, 9.6 AI score, 0.0259 EPSS
Exploits: 1, References: 2
Fedora
added 2021/03/26 12:17 a.m., 36 views

[SECURITY] Fedora 34 Update: rubygem-kramdown-2.3.1-1.fc34

kramdown is yet-another-markdown-parser but fast, pure Ruby, using a strict syntax definition and supporting several common extensions...

9.8 CVSS, 1.5 AI score, 0.0259 EPSS
Exploits: 1
RedhatCVE
added 2021/03/22 3:9 p.m., 18 views

CVE-2021-28834

A flaw was found in rubygem-kramdown. Rouge is a syntax highlighter used by kramdown. Restriction of the Rouge formatters to the Rouge::Formatters namespace does not occur when Ruby's const_get method is called. This can lead to arbitrary classes being instantiated in situations where the...

9.8 CVSS, 2.4 AI score, 0.0259 EPSS
Exploits: 1, References: 3
RedHat Linux
added 2021/03/18 1:3 p.m., 62 views

Important: Red Hat Security Advisory: rubygem-em-http-request security update

An update for rubygem-em-http-request is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

7.4 CVSS, 7.2 AI score, 0.00139 EPSS
Exploits: 1, References: 2
RedHat Linux
added 2021/03/18 1:3 p.m., 1 views

rubygem-em-http-request: missing SSL hostname validation allows MITM

A flaw was found in rubygem-em-http-request. The eventmachine library does not verify the hostname in a TLS server certificate which can allow an attacker to perform a man-in-the-middle attack. The highest threat from this vulnerability is to data confidentiality and integrity...

7.4 CVSS, 5.7 AI score, 0.00139 EPSS
Exploits: 1, References: 4
Tenable Nessus
added 2021/03/15 12:0 a.m., 21 views

Fedora 33 : 1:rubygem-actionpack / 1:rubygem-activerecord (2021-b571fca1b8)

The remote Fedora 33 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2021-b571fca1b8 advisory. - The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability...

7.5 CVSS, 7.3 AI score, 0.15453 EPSS
Exploits: 2, References: 3
Tenable Nessus
added 2021/03/15 12:0 a.m., 31 views

Fedora 32 : 1:rubygem-activerecord (2021-def0e32233)

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-def0e32233 advisory. - The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability...

7.5 CVSS, 7.2 AI score, 0.02599 EPSS
Exploits: 1, References: 2
OpenVAS
added 2021/03/14 12:0 a.m., 24 views

Fedora: Security Advisory for rubygem-activerecord (FEDORA-2021-def0e32233)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS, 7.6 AI score, 0.02599 EPSS
Exploits: 1, References: 2
OpenVAS
added 2021/03/13 12:0 a.m., 21 views

Fedora: Security Advisory for rubygem-actionpack (FEDORA-2021-b571fca1b8)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS, 6.9 AI score, 0.15453 EPSS
Exploits: 2, References: 2
OpenVAS
added 2021/03/13 12:0 a.m., 27 views

Fedora: Security Advisory for rubygem-activerecord (FEDORA-2021-b571fca1b8)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.9 AI score
Exploits: 0, References: 2