The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:4499 advisory. * rubygem-uri: ReDoS vulnerability – upstream's incomplete fix for CVE-2023-28755 (CVE-2023-36617) * ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280) * ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281) * ruby: Arbitrary memory address read vulnerability with Regex search (CVE-2024-27282) * REXML: DoS parsing an XML with many `<`s in an attribute value (CVE-2024-35176) Tenable has extracted the preceding description block directly from the Rocky Linux security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version…Read More
References
Back to Main