
15 matches found

Tenable Nessus
added 2025/04/20 12:0 a.m. | 10 views

Azure Linux 3.0 Security Update: ruby (CVE-2025-27220)

The version of ruby installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27220 advisory. - In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service ReDoS vulnerability exists in the...

7.5 CVSS | 7.1 AI score | 0.00246 EPSS
Exploits 0 | References 2
Amazon
added 2024/12/19 12:0 a.m. | 1 views

Important: ruby

Issue Overview: An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's...

7 AI score | 0.00108 EPSS
Exploits 0
OpenVAS
added 2024/12/09 12:0 a.m. | 11 views

Debian: Security Advisory (DLA-3989-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5 CVSS | 7.5 AI score | 0.00312 EPSS
Exploits 1 | References 2
Tenable Nessus
added 2024/12/09 12:0 a.m. | 16 views

AlmaLinux 9 : ruby:3.1 (ALSA-2024:10860)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:10860 advisory. rexml: REXML ReDoS vulnerability CVE-2024-49761 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. Note that...

8.7 CVSS | 7.6 AI score | 0.01645 EPSS
Exploits 0 | References 3
Tenable Nessus
added 2024/11/14 12:0 a.m. | 11 views

Fedora 41 : ruby (2024-cfcd6258fa)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-cfcd6258fa advisory. Upgrade to Ruby 3.3.5. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

5.9 CVSS | 7.1 AI score | 0.07595 EPSS
Exploits 0 | References 3
OPENSUSE Linux
added 2024/11/08 12:0 a.m. | 5 views

ruby3.3-rubygem-actionmailer-7.0-7.0.8.6-1.1 on GA media (moderate)

ruby3.3-rubygem-actionmailer-7.0-7.0.8.6-1.1 on GA media Announcement ID: openSUSE-SU-2024:14471-1 Rating: moderate Cross-References: CVE-2024-47889 CVSS scores: CVE-2024-47889 SUSE : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Tumbleweed An update that solves one...

5.9 CVSS | 5.6 AI score | 0.00317 EPSS
Exploits 0
Amazon
added 2024/06/12 12:0 a.m. | 2 views

Medium: ruby

Issue Overview: An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network...

7.4 CVSS | 6.8 AI score | 0.00074 EPSS
Exploits 1
Amazon
added 2023/09/25 12:0 a.m. | 3 views

Medium: ruby

Issue Overview: An operating system command injection flaw was found in RDoc. Using the rdoc command to generate documentation for a malicious Ruby source code could lead to execution of arbitrary commands with the privileges of the user running rdoc. CVE-2021-31799 Affected Packages: ruby Note:...

7 CVSS | 7.9 AI score | 0.00351 EPSS
Exploits 0
Amazon
added 2023/09/25 12:0 a.m. | 2 views

Medium: ruby

Issue Overview: A flaw was found in the way the Ruby REXML library parsed XML documents. Parsing a specially crafted XML document using REXML and writing parsed data back to a new XML document results in creating a document with a different structure. This issue could affect the integrity of...

7.5 CVSS | 6.8 AI score | 0.00576 EPSS
Exploits 0
OSV
added 2023/03/13 12:0 a.m. | 27 views

DLA-3360-1 ruby-sidekiq - security update

Bulletin has no description...

7.5 CVSS | 6.7 AI score | 0.139 EPSS
Exploits 2
OSV
added 2022/09/12 10:51 a.m. | 2 views

SUSE-SU-2022:3259-1 Security update for rubygem-kramdown

This update for rubygem-kramdown fixes the following issues: - CVE-2020-14001: Fixed processing template options inside documents allowing unintended read access or embedded Ruby code execution bsc1174297...

9.8 CVSS | 9.5 AI score | 0.07509 EPSS
Exploits 0 | References 3
OSV
added 2020/10/15 9:0 a.m. | 10 views

SUSE-SU-2020:2929-1 Security update for rubygem-activesupport-4_2

This update for rubygem-activesupport-42 fixes the following issues: - CVE-2020-8165: Fixed deserialization of untrusted data in MemCacheStore potentially resulting in remote code execution bsc1172186...

9.8 CVSS | 8.2 AI score | 0.90128 EPSS
Exploits 5 | References 3
Fedora
added 2013/12/11 2:1 a.m. | 40 views

[SECURITY] Fedora 18 Update: ruby-1.9.3.484-32.fc18

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

6.8 CVSS | 1.1 AI score | 0.11958 EPSS
Exploits 4
OpenVAS
added 2013/01/21 12:0 a.m. | 34 views

CentOS Update for ruby CESA-2013:0129 centos5

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

5 CVSS | 7.8 AI score | 0.02121 EPSS
Exploits 3 | References 2
Tenable Nessus
added 2004/10/15 12:0 a.m. | 19 views

Fedora Core 2 : ruby-1.8.1-6 (2004-264)

Thu Aug 19 2004 Akira TAGOH 1.8.1-6 - security fix CVE-2004-0755 - ruby-1.8.1-cgisessionperms.patch: sets the permission of the session data file to 0600. 130063 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable...

2.1 CVSS | 7.2 AI score | 0.00084 EPSS
Exploits 0 | References 1