Synopsis
Moderate: pcs security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for pcs is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scorin ...
Synopsis
Important: ruby:2.6 security update
Type/Severity
Security Advisory: Important
Topic
An update for the ruby:2.6 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Secu ...
Synopsis
Important: ruby:2.6 security update
Type/Severity
Security Advisory: Important
Topic
An update for the ruby:2.6 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Pr ...
Synopsis
Moderate: pcs security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for pcs is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabil ...
Several vulnerabilities have been discovered in the interpreter for the
Ruby language.
CVE-2020-10663
Jeremy Evans reported an unsafe object creation vulnerability in the
json gem bundled with Ruby. When parsing certain JSON documents, the
json gem can be coerced into creating arbitrary objects in the
target system.
CVE-2020-10933
...
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object ...
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to ...
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats. (CVE-2018-16396)
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsaf ...
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fi ...