CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

170 matches found

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в jruby

A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby, up to 3.2.1. The URI parser improperly handles invalid URLs that contain specific characters. This leads to an increase in the execution time required to parse strings into URI objects. The fixed versions are 0.12.1, 0.11.1...

5.3CVSS6.8AI score0.00337EPSS

Exploits0References2

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в jruby

Before Ruby 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an HTTP Response Splitting attack was possible. An attacker could inject a crafted key and value into an HTTP response for the WEBrick HTTP server...

5.3CVSS6.8AI score0.01152EPSS

Exploits0References1

Tenable Nessus•added 2026/05/11 12:0 a.m.•4 views

Unity Linux 20.1060e / 20.1070e Security Update: ruby (UTSA-2026-017613)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017613 advisory. The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can ...

7.5CVSS7.3AI score0.00576EPSS

Exploits0References4

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в ruby2.5

In RDoc 3.11 through 6.x, as distributed with Ruby up to 3.0.1, it was possible to execute arbitrary code using | and tags within a filename...

7CVSS7.1AI score0.00351EPSS

Exploits0References2

AstraLinux•added 2026/05/03 11:59 p.m.•5 views

Astra Linux - уязвимость в ruby2.5

There is a buffer over-read issue in Ruby before version 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. This issue occurs during the conversion from strings to floats, including in methods like KernelFloat and Stringtof...

7.5CVSS6.9AI score0.00306EPSS

Exploits0References2

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux - уязвимость в ruby2.5

A issue was discovered in RDoc versions 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resulting remote code execution are possible because there are no restrictions on the classes that c...

4.5CVSS7.4AI score0.02433EPSS

Exploits0References2

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в ruby2.5, jruby

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between th...

7.4CVSS6.8AI score0.00074EPSS

Exploits1References2

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в ruby2.5

A buffer-overread issue was discovered in StringIO 3.0.1, which is available in Ruby 3.0.x through 3.0.6, and in Ruby 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is...

9.8CVSS6.8AI score0.0883EPSS

Exploits0References2

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в ruby2.5, jruby

A issue was discovered in Ruby between versions 2.6.7, 2.7.x up to 2.7.3, and 3.x up to 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a specified IP address and port. This potentially allows curl to extract information about services that would...

5.8CVSS6.7AI score0.00632EPSS

Exploits1References2

Chainguard•added 2026/04/11 2:19 a.m.•2 views

GHSA-33QG-7WPP-89CQ vulnerabilities

Vulnerabilities for packages: pact-broker-docker-fips, ruby4.0-rails, pact-broker-docker, ruby3.3-rails, logstash, ruby3.2-rails, ruby3.4-rails...

5.8AI score

Exploits0

Github Security Blog•added 2026/04/08 12:5 a.m.•3 views

Addressable has a Regular Expression Denial of Service in Addressable templates

Impact Within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic backtracking: 1. Templates using the explode modifier with any expansion operator e.g., foo, +var, var, /var, .var, ;var, ?var, &var generate patterns...

7.5CVSS5.8AI score0.00027EPSS

Exploits0References4Affected Software1

Tenable Nessus•added 2026/02/02 12:0 a.m.•4 views

EulerOS 2.0 SP13 : ruby (EulerOS-SA-2026-1215)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : URI is a module providing classes to handle Uniform Resource Identifiers. In versions prior to 0.12.5, 0.13.3, and 1.0.4, a bypass exists for the fi...

7.5CVSS7AI score0.00156EPSS

Exploits0References2

OpenVAS•added 2025/10/28 12:0 a.m.•2 views

Ubuntu: Security Advisory (USN-7840-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.8AI score0.07595EPSS

Exploits1References2