oval:org.secpod.oval:def:4500071
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby. For more details about the security issue, including the impact, a CVS ...

oval:org.secpod.oval:def:66714
Several vulnerabilities have been discovered in the interpreter for the Ruby language. CVE-2020-10663 Jeremy Evans reported an unsafe object creation vulnerability in the json gem bundled with Ruby. When parsing certain JSON documents, the json gem can be coerced into creating arbitrary objects in t ...

oval:org.secpod.oval:def:506171
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby25-ruby. Security Fix: * ruby: NUL injection vulnerability of File.fn ...

oval:org.secpod.oval:def:604918
Several vulnerabilities have been discovered in the interpreter for the Ruby language. CVE-2020-10663 Jeremy Evans reported an unsafe object creation vulnerability in the json gem bundled with Ruby. When parsing certain JSON documents, the json gem can be coerced into creating arbitrary objects in t ...

oval:org.secpod.oval:def:118245
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks. It is simple, straight-forward, and extensible.

oval:org.secpod.oval:def:2106068
Oracle Solaris 11 - (CVE-2020-10663)

oval:org.secpod.oval:def:70551
ruby2.7: Object-oriented scripting language - ruby2.5: Object-oriented scripting language - ruby2.3: Object-oriented scripting language Several security issues were fixed in Ruby.

oval:org.secpod.oval:def:506239
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby. Security Fix: * ruby: NUL injection vulnerability of File.fnmatch and ...

oval:org.secpod.oval:def:74243
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby. Security Fix: * ruby: NUL injection vulnerability of File.fnmatch and ...

oval:org.secpod.oval:def:118140
This is an implementation of the JSON specification according to RFC 4627 in Ruby. You can think of it as a low fat alternative to XML, if you want to store data to disk or transmit it over a network rather than use a verbose markup language.

oval:org.secpod.oval:def:1601191
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing ...

oval:org.secpod.oval:def:89050368
This update for ruby2.5 to version 2.5.8 fixes the following issues: - CVE-2020-10663: Unsafe Object Creation Vulnerability in JSON. - CVE-2020-10933: Heap exposure vulnerability in the socket library.

oval:org.secpod.oval:def:705937
ruby2.7: Object-oriented scripting language - ruby2.5: Object-oriented scripting language - ruby2.3: Object-oriented scripting language Several security issues were fixed in Ruby.

oval:org.secpod.oval:def:1601188
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing ...

oval:org.secpod.oval:def:70425
ruby2.7: Object-oriented scripting language - ruby2.5: Object-oriented scripting language - ruby2.3: Object-oriented scripting language Several security issues were fixed in Ruby.

oval:org.secpod.oval:def:70547
ruby2.7: Object-oriented scripting language - ruby2.5: Object-oriented scripting language - ruby2.3: Object-oriented scripting language Several security issues were fixed in Ruby.

oval:org.secpod.oval:def:4500081
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby. For more details about the security issue, including the impact, a CVS ...

oval:org.secpod.oval:def:506185
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby26-ruby. Security Fix: * rubygem-bundler: Insecure permissions on dir ...

oval:org.secpod.oval:def:118137
This is an implementation of the JSON specification according to RFC 4627 in Ruby. You can think of it as a low fat alternative to XML, if you want to store data to disk or transmit it over a network rather than use a verbose markup language.

oval:org.secpod.oval:def:74244
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby. Security Fix: * rubygem-bundler: Insecure permissions on directory in ...

oval:org.secpod.oval:def:506229
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby. Security Fix: * rubygem-bundler: Insecure permissions on directory in ...

oval:org.secpod.oval:def:1505000
ruby [2.5.9-107] - Update to Ruby 2.5.9. * Remove Patch20: ruby-2.6.0-rdoc-6.0.1-fix-template-typo.patch; subsumed Resolves: rhbz#1952626 - Resolv::DNS: timeouts if multiple IPv6 name servers are given and address contains leading zero Resolves: rhbz#1955010

oval:org.secpod.oval:def:1700623
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing ...

oval:org.secpod.oval:def:1601180
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats. The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, an ...

oval:org.secpod.oval:def:1504239
[0.10.4-6.0.1.el8_2.1] - Replace HAM-logo.png with a generic one [0.10.4-6.el8_2.1] - Fixed running pcs status on remote nodes - Fixed ruby daemon closing connection after 30s - Fixed inability to create colocation constraint in webUI - Updated bundled rubygem-json - Resolves: rhbz#1832914 rhbz#1838 ...

oval:org.secpod.oval:def:67581
The host is installed with Apple MacOS 11 before 11.0.1 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle improper checks in json gem. Successful exploitation could allow attackers to coerce json gem into creating arbitrar ...

oval:org.secpod.oval:def:1505007
ruby [2.6.7-107] - Upgrade to Ruby 2.6.7. Resolves: rhbz#1952627 - Resolv::DNS: timeouts if multiple IPv6 name servers are given an address containing leading zero Resolves: rhbz#1954968 - Fix: Rubygem-bundler: Don't use insecure tmp directory as home allows for execution of malicious code. Resolves ...

oval:org.secpod.oval:def:2500368
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

oval:org.secpod.oval:def:2500442
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

oval:org.secpod.oval:def:1601181
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. N ...

oval:org.secpod.oval:def:1701652
jQuery before 1.9.0 is vulnerable to Cross-site Scripting attacks. The jQuery function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the 'less than' character anywhere in the string, giving attac ...

oval:org.secpod.oval:def:89002928
This update for ruby2.1 fixes the following issues: Security issues fixed: - CVE-2015-9096: Fixed an SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command. - CVE-2016-7798: Fixed an IV Reuse in GCM Mode. - CVE-2017-0898: Fixed a buffer underrun vulnerability in Kernel.sprintf ...

oval:org.secpod.oval:def:67567
The host is missing a security update according to Apple advisory, APPLE-SA-2020-11-13-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle multiple issues. Successful exploitation allows attackers to execute arbitrary code or caus ...