CVE-2020-26254 omniauth-apple allows attacker to fake their email address during authentication
omniauth-apple is the OmniAuth strategy for "Sign In with Apple" (RubyGem omniauth-apple). In omniauth-apple before version 1.0.1 attackers can fake their email address during authentication. This vulnerability impacts applications using the omniauth-apple strategy of OmniAuth and using the...
CVE-2020-26254
The CVE concerns the RubyGem omniauth-apple, used as an OmniAuth strategy for Sign In with Apple. In affected versions prior to 1.0.1, an attacker can set the value of info.email in OmniAuth's Auth Hash Schema to an arbitrary email (including others’ addresses). This can enable spoofed identities...
2.5 bug fix update
An update is available for rubygem-bson, rubygem-mysql2, rubygem-bundler, ruby, rubygem-mongo, rubygem-pg, rubygem-abrt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...
openSUSE Security Update : rubygem-activesupport-5_1 (openSUSE-2020-1677)
This update for rubygem-activesupport-5_1 fixes the following issues: - CVE-2020-8165: Fixed deserialization of untrusted data in MemCacheStore potentially resulting in remote code execution (bsc#1172186) This update was imported from the SUSE:SLE-15:Update update project. (C) Tenable Network Security...
openSUSE Security Update : rubygem-activesupport-5_1 (openSUSE-2020-1679)
This update for rubygem-activesupport-5_1 fixes the following issues: - CVE-2020-8165: Fixed deserialization of untrusted data in MemCacheStore potentially resulting in remote code execution (bsc#1172186) This update was imported from the SUSE:SLE-15:Update update project. (C) Tenable Network Security...
openSUSE: Security Advisory for rubygem-activesupport-5_1 (openSUSE-SU-2020:1679-1)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2020:1679-1 Security update for rubygem-activesupport-5_1
This update for rubygem-activesupport-5_1 fixes the following issues: - CVE-2020-8165: Fixed deserialization of untrusted data in MemCacheStore potentially resulting in remote code execution (bsc#1172186) This update was imported from the SUSE:SLE-15:Update update project...
Security update for rubygem-activesupport-5_1 (critical)
openSUSE Security Update: Security update for rubygem-activesupport-5_1 Announcement ID: openSUSE-SU-2020:1679-1 Rating: critical References: 1172186 Cross-References: CVE-2020-8165 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This...
openSUSE: Security Advisory for rubygem-activesupport-5_1 (openSUSE-SU-2020:1677-1)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2020:1677-1 Security update for rubygem-activesupport-5_1
This update for rubygem-activesupport-5_1 fixes the following issues: - CVE-2020-8165: Fixed deserialization of untrusted data in MemCacheStore potentially resulting in remote code execution (bsc#1172186) This update was imported from the SUSE:SLE-15:Update update project...
Security update for rubygem-activesupport-5_1 (critical)
openSUSE Security Update: Security update for rubygem-activesupport-5_1 Announcement ID: openSUSE-SU-2020:1677-1 Rating: critical References: 1172186 Cross-References: CVE-2020-8165 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This...
SUSE-SU-2020:2911-1 Security update for ansible, crowbar-core, crowbar-openstack, grafana, grafana-natel-discrete-panel, openstack-aodh, openstack-barbican, openstack-cinder, openstack-gnocchi, openstack-heat, openstack-ironic, openstack-magnum, openstack-manila, openstack-monasca-agent, openstack-murano, openstack-neutron, openstack-neutron-vpnaas, openstack-nova, openstack-sahara, python-Pillow, rubygem-crowbar-client
This update for ansible, crowbar-core, crowbar-openstack, grafana, grafana-natel-discrete-panel, openstack-aodh, openstack-barbican, openstack-cinder, openstack-gnocchi, openstack-heat, openstack-ironic, openstack-magnum, openstack-manila, openstack-monasca-agent, openstack-murano,...
SUSE-SU-2020:2899-1 Security update for rubygem-activesupport-5_1
This update for rubygem-activesupport-5_1 fixes the following issues: - CVE-2020-8165: Fixed deserialization of untrusted data in MemCacheStore potentially resulting in remote code execution (bsc#1172186)...
CVE-2020-8264
A flaw was found in rubygem-actionpack. An XSS vulnerability in Action Pack's Actionable Exceptions middleware is possible while the application server is in development mode. The highest threat from this vulnerability is to data confidentiality and integrity...
[SECURITY] Fedora 33 Update: rubygem-image_processing-1.11.0-1.fc33
High-level wrapper for processing images for the web with ImageMagick or libvips...
[SECURITY] Fedora 33 Update: rubygem-activemodel-6.0.3.3-1.fc33
A toolkit for building modeling frameworks like Active Record. Rich support for attributes, callbacks, validations, serialization, internationalization, and testing...
[SECURITY] Fedora 33 Update: rubygem-activestorage-6.0.3.3-1.fc33
Attach cloud and local files in Rails applications...
[SECURITY] Fedora 33 Update: rubygem-activesupport-6.0.3.3-1.fc33
A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing...
[SECURITY] Fedora 33 Update: rubygem-activerecord-6.0.3.3-1.fc33
Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...
[SECURITY] Fedora 33 Update: rubygem-railties-6.0.3.3-1.fc33
Rails internals: application bootup, plugins, generators, and rake tasks. Railties is responsible to glue all frameworks together. Overall, it: handles all the bootstrapping process for a Rails application; manages rails command line interface; provides Rails generators core;...