Lucene search
K

78 matches found

AlpineLinux
AlpineLinux
added 2020/04/28 8:58 p.m.63 views

CVE-2020-10663

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsi...

7.5CVSS7.1AI score0.06811EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2020/03/31 12:0 a.m.10 views

PT-2020-2439

Name of the Vulnerable Software and Affected Versions Ruby versions 2.5.x through 2.5.7 Ruby versions 2.6.x through 2.6.5 Ruby version 2.7.0 Description An issue in Ruby may expose possibly sensitive data from the interpreter. This occurs when the BasicSocketread nonblock method is called with th...

9.8CVSS7.9AI score0.29726EPSS
Exploits9References133
OSV
OSV
added 2020/03/28 5:16 p.m.10 views

OPENSUSE-SU-2020:0395-1 Recommended update for ruby2.5

This update for ruby2.5 toversion 2.5.7 fixes the following issues: ruby 2.5 was updated to version 2.5.7 - CVE-2020-8130: Fixed a command injection in intree copy of rake bsc1164804. - CVE-2019-16255: Fixed a code injection vulnerability of Shell and Shelltest bsc1152990. - CVE-2019-16254: Fixed...

8.1CVSS6.9AI score0.29726EPSS
Exploits8References15
OSV
OSV
added 2019/12/17 12:0 a.m.30 views

DSA-4586-1 ruby2.5 - security update

Bulletin has no description...

8.1CVSS6.8AI score0.05128EPSS
Exploits1
AlmaLinux
AlmaLinux
added 2019/11/05 5:38 p.m.16 views

ruby:2.5 bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

8.8CVSS1.6AI score0.04212EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.39 views

RHEL 8 : ruby:2.5 (RHSA-2019:1972)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1972 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks...

8.8CVSS8.1AI score0.03219EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.36 views

Oracle Linux 8 : ruby:2.5 (ELSA-2019-1972)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-1972 advisory. - Prohibit arbitrary code execution when installing a malicious gem. Resolves: CVE-2019-8324 rubygem-mongo Tenable has extracted the preceding description block...

8.8CVSS8.2AI score0.03219EPSS
Exploits0References2
Prion
Prion
added 2018/03/13 3:29 p.m.22 views

Deserialization of untrusted data

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code...

6.8CVSS8.7AI score0.02982EPSS
Exploits0References18Affected Software1
Prion
Prion
added 2018/03/13 3:29 p.m.33 views

Input validation

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in...

7.5CVSS9.2AI score0.03037EPSS
Exploits0References18Affected Software2
Prion
Prion
added 2018/03/13 3:29 p.m.23 views

Input validation

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can...

5CVSS7.1AI score0.03825EPSS
Exploits0References18Affected Software2
Prion
Prion
added 2018/03/13 3:29 p.m.24 views

Design/Logic Flaw

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in installlocation function of package.rb that can result in...

5CVSS8.4AI score0.05076EPSS
Exploits0References14Affected Software1
OSV
OSV
added 2018/03/13 3:29 p.m.30 views

CVE-2018-1000076

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in...

9.8CVSS9.7AI score
Exploits0References18
Debian CVE
Debian CVE
added 2018/03/13 3:0 p.m.31 views

CVE-2018-1000073

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in installlocation function of package.rb that can result in...

7.5CVSS8.9AI score0.05076EPSS
Exploits0
CVE
CVE
added 2018/03/13 3:0 p.m.222 views

CVE-2018-1000075

CVE-2018-1000075 affects RubyGems: a negative-size condition in the ruby gem package tar header can cause an infinite loop. Affected ranges include RubyGems in the 2.2, 2.3, 2.4, and 2.5 series (e.g., 2.2.9 and earlier; 2.3.6 and earlier; 2.4.3 and earlier; 2.5.0 and earlier) up to trunk revision...

7.5CVSS8.4AI score0.04809EPSS
Exploits0References18Affected Software1
Cvelist
Cvelist
added 2018/03/13 3:0 p.m.24 views

CVE-2018-1000073

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in installlocation function of package.rb that can result in...

8.6AI score0.05076EPSS
Exploits0References14
UbuntuCve
UbuntuCve
added 2018/03/13 12:0 a.m.28 views

CVE-2018-1000079

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to...

5.5CVSS6.8AI score0.02876EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2018/03/13 12:0 a.m.34 views

CVE-2018-1000073

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in installlocation function of package.rb that can result in...

7.5CVSS6.8AI score0.05076EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2016/10/03 12:0 a.m.9 views

PT-2019-4673 · Puma +9 · Puma +10

Name of the Vulnerable Software and Affected Versions: Ruby versions prior to 2.4.8 Ruby versions 2.5.x through 2.5.6 Ruby versions 2.6.x through 2.6.4 Puma versions prior to 3.12.3 Puma versions prior to 4.3.2 Description: The issue is related to incorrect handling of special elements in the...

9.8CVSS6.6AI score0.73927EPSS
Exploits42References407
Rows per page
Query Builder