Search for packages
| purl | pkg:rpm/redhat/ruby3-4-main@3.4.8-31.1?arch=hum1 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4qm3-nbsk-73he
Aliases: CVE-2011-4815 GHSA-xpr8-vpc7-7vfc OSV-78118 |
Multiple vulnerabilities have been found in Ruby, allowing context-dependent attackers to cause a Denial of Service condition. | There are no reported fixed by versions. |
|
VCID-4yvc-uzev-wua4
Aliases: CVE-2008-3655 GHSA-p524-ppf2-w36w |
Multiple vulnerabilities have been discovered in Ruby that allow for attacks including arbitrary code execution and Denial of Service. | There are no reported fixed by versions. |
|
VCID-5xez-skrj-b3h4
Aliases: CVE-2013-1821 GHSA-hgg7-cghq-xhf4 OSV-90587 |
Entity expansion DoS vulnerability in REXML `lib/rexml/text.rb` in the REXML parser allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack. | There are no reported fixed by versions. |
|
VCID-91b7-xx8t-rqhr
Aliases: CVE-2017-10784 GHSA-369m-2gv6-mw28 |
Improper Authentication The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name. | There are no reported fixed by versions. |
|
VCID-a15m-bcma-vfa7
Aliases: CVE-2008-3656 GHSA-823x-6r7f-v9x6 |
Multiple vulnerabilities have been discovered in Ruby that allow for attacks including arbitrary code execution and Denial of Service. | There are no reported fixed by versions. |
|
VCID-arjz-geyr-q7e3
Aliases: CVE-2014-6438 GHSA-2j3h-55rq-rj48 |
ruby: Unsafe parsing of long strings via decode_www_form_component method | There are no reported fixed by versions. |
|
VCID-ea13-mua4-1fb9
Aliases: CVE-2008-1891 GHSA-rhf2-x48g-5wr7 |
ruby: WEBrick CGI source disclosure | There are no reported fixed by versions. |
|
VCID-fw7k-88kf-1kgg
Aliases: CVE-2008-3657 GHSA-5f6v-fgcw-j5px |
Multiple vulnerabilities have been discovered in Ruby that allow for attacks including arbitrary code execution and Denial of Service. | There are no reported fixed by versions. |
|
VCID-g7ju-q41v-wyhd
Aliases: CVE-2014-8090 GHSA-2x97-vvh4-m4q4 OSV-114641 |
security update | There are no reported fixed by versions. |
|
VCID-jj3a-fpsa-a7at
Aliases: CVE-2012-5371 GHSA-phrv-cj28-9h57 OSV-87863 |
Multiple vulnerabilities have been found in Ruby, allowing context-dependent attackers to cause a Denial of Service condition. | There are no reported fixed by versions. |
|
VCID-pegr-f5mh-ekdz
Aliases: CVE-2008-3905 GHSA-vwcj-mf69-7rfw |
Multiple vulnerabilities have been discovered in Ruby that allow for attacks including arbitrary code execution and Denial of Service. | There are no reported fixed by versions. |
|
VCID-qyz5-zmnt-qucy
Aliases: CVE-2018-8780 GHSA-fphx-j9v2-w2cx |
security update | There are no reported fixed by versions. |
|
VCID-rwak-wvuw-qbcg
Aliases: CVE-2014-4975 GHSA-gxj7-mcpg-jpr6 OSV-108971 |
security update | There are no reported fixed by versions. |
|
VCID-sf98-mryd-yfb3
Aliases: CVE-2015-9096 GHSA-2h3c-5vqm-gqfh |
security update | There are no reported fixed by versions. |
|
VCID-sfzh-hn56-hbak
Aliases: CVE-2026-27820 GHSA-g857-hhfv-j68w |
Buffer overflow vulnerability in Zlib::GzipReader A buffer overflow vulnerability exists in Zlib::GzipReader. This vulnerability has been assigned the CVE identifier CVE-2026-27820. We recommend upgrading the zlib gem. ## Details The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but fails to guarantee the backing Ruby string has enough capacity before the memmove shifts the existing data. This can lead to memory corruption when the buffer length exceeds capacity. ## Recommended action We recommend to update the zlib gem to version 3.2.3 or later. In order to ensure compatibility with bundled version in older Ruby series, you may update as follows instead: * For Ruby 3.2 users: Update to zlib 3.0.1 * For Ruby 3.3 users: Update to zlib 3.1.2 * You can use gem update zlib to update it. If you are using bundler, please add gem "zlib", ">= 3.2.3" to your Gemfile. ## Affected versions: zlib gem 3.2.2 or lower ## Credits Thanks to calysteon for reporting this issue. Also thanks to nobu for creating the patch. | There are no reported fixed by versions. |
|
VCID-t9y5-hd9b-bkc4
Aliases: CVE-2021-31810 GHSA-wr95-679j-87v9 |
Multiple vulnerabilities have been discovered in Ruby, the worst of which could lead to execution of arbitrary code. | There are no reported fixed by versions. |
|
VCID-wzdf-d9fv-u3hh
Aliases: CVE-2014-8080 GHSA-ggvr-v7qh-jwjh OSV-113747 |
security update | There are no reported fixed by versions. |
|
VCID-x126-x9qm-e7d3
Aliases: CVE-2024-27282 GHSA-63cq-cj6g-qfr2 |
ruby: Arbitrary memory address read vulnerability with Regex search | There are no reported fixed by versions. |
|
VCID-xkd6-jvma-skfk
Aliases: CVE-2017-14064 GHSA-954h-8gv7-2q75 |
Multiple vulnerabilities have been found in Ruby, the worst of which could lead to the remote execution of arbitrary code. | There are no reported fixed by versions. |
|
VCID-y56y-5am7-wkhr
Aliases: CVE-2019-16254 GHSA-w9fp-2996-hhwx |
Multiple vulnerabilities have been found in Ruby, the worst of which could lead to the remote execution of arbitrary code. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||