oval:org.secpod.oval:def:4500071
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby. For more details about the security issue, including the impact, a CVS ...

oval:org.secpod.oval:def:506171
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby25-ruby. Security Fix: * ruby: NUL injection vulnerability of File.fn ...

oval:org.secpod.oval:def:705294
ruby2.5: Interpreter of object-oriented scripting language Ruby - ruby2.3: Object-oriented scripting language Several security issues were fixed in Ruby.

oval:org.secpod.oval:def:2105453
Oracle Solaris 11 - (CVE-2019-16201)

oval:org.secpod.oval:def:506239
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby. Security Fix: * ruby: NUL injection vulnerability of File.fnmatch and ...

oval:org.secpod.oval:def:74243
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby. Security Fix: * ruby: NUL injection vulnerability of File.fnmatch and ...

oval:org.secpod.oval:def:2004684
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. N ...

oval:org.secpod.oval:def:604650
Several vulnerabilities have been discovered in the interpreter for the Ruby language, which could result in unauthorized access by bypassing intended path matchings, denial of service, or the execution of arbitrary code.

oval:org.secpod.oval:def:61476
Several vulnerabilities have been discovered in the interpreter for the Ruby language, which could result in unauthorized access by bypassing intended path matchings, denial of service, or the execution of arbitrary code.

oval:org.secpod.oval:def:69796
Several vulnerabilities have been discovered in the interpreter for the Ruby language, which could result in unauthorized access by bypassing intended path matchings, denial of service, or the execution of arbitrary code.

oval:org.secpod.oval:def:604649
Several vulnerabilities have been discovered in the interpreter for the Ruby language, which could result in unauthorized access by bypassing intended path matchings, denial of service, or the execution of arbitrary code.

oval:org.secpod.oval:def:4500081
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby. For more details about the security issue, including the impact, a CVS ...

oval:org.secpod.oval:def:506185
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby26-ruby. Security Fix: * rubygem-bundler: Insecure permissions on dir ...

oval:org.secpod.oval:def:74244
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby. Security Fix: * rubygem-bundler: Insecure permissions on directory in ...

oval:org.secpod.oval:def:506229
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby. Security Fix: * rubygem-bundler: Insecure permissions on directory in ...

oval:org.secpod.oval:def:1505000
ruby [2.5.9-107] - Update to Ruby 2.5.9. * Remove Patch20: ruby-2.6.0-rdoc-6.0.1-fix-template-typo.patch; subsumed Resolves: rhbz#1952626 - Resolv::DNS: timeouts if multiple IPv6 name servers are given and address contains leading zero Resolves: rhbz#1955010

oval:org.secpod.oval:def:60438
The host is installed with Ruby 2.3 or earlier, 2.4.x through 2.4.7, 2.5.x through 2.5.6 or 2.6.x through 2.6.4 and is prone to an HTTP response splitting vulnerability. A flaw is present in the application, which fails to properly handle unknown vectors. An attacker can exploit it to insert a newli ...

oval:org.secpod.oval:def:1505007
ruby [2.6.7-107] - Upgrade to Ruby 2.6.7. Resolves: rhbz#1952627 - Resolv::DNS: timeouts if multiple IPv6 name servers are given an address containing leading zero Resolves: rhbz#1954968 - Fix: Rubygem-bundler: Don't use insecure tmp directory as home allows for execution of malicious code. Resolves ...

oval:org.secpod.oval:def:2500368
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

oval:org.secpod.oval:def:60796
ruby2.5: Interpreter of object-oriented scripting language Ruby - ruby2.3: Object-oriented scripting language Several security issues were fixed in Ruby.

oval:org.secpod.oval:def:2500442
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

oval:org.secpod.oval:def:1601181
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. N ...

oval:org.secpod.oval:def:89044022
This update for ruby2.5 to version 2.5.7 fixes the following issues: ruby 2.5 was updated to version 2.5.7 - CVE-2020-8130: Fixed a command injection in intree copy of rake. - CVE-2019-16255: Fixed a code injection vulnerability of Shell#[] and Shell#test. - CVE-2019-16254: Fixed an HTTP response s ...

oval:org.secpod.oval:def:1701652
jQuery before 1.9.0 is vulnerable to Cross-site Scripting attacks. The jQuery function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the 'less than' character anywhere in the string, giving attac ...

oval:org.secpod.oval:def:89002928
This update for ruby2.1 fixes the following issues: Security issues fixed: - CVE-2015-9096: Fixed an SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command. - CVE-2016-7798: Fixed an IV Reuse in GCM Mode. - CVE-2017-0898: Fixed a buffer underrun vulnerability in Kernel.sprintf ...

oval:org.secpod.oval:def:1702164
A flaw was discovered in Ruby in the way certain functions handled strings containing NULL bytes. Specifically, the built-in methods File.fnmatch and its alias File.fnmatch? did not properly handle path patterns containing the NULL byte. A remote attacker could exploit this flaw to make a Ruby scrip ...