Lucene search
K

175 matches found

OSV
OSV
added 2019/11/26 5:15 p.m.2 views

ALPINE-CVE-2019-15845

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions...

6.5CVSS7AI score0.03317EPSS
Exploits0References1
OSV
OSV
added 2019/11/20 12:0 a.m.2 views

UBUNTU-CVE-2019-15845

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions...

6.5CVSS6.6AI score0.03317EPSS
Exploits0References5
OSV
OSV
added 2019/11/20 12:0 a.m.4 views

UBUNTU-CVE-2019-16201

WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network...

7.5CVSS6.6AI score0.05128EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2019/10/22 12:0 a.m.4 views

PT-2019-5086

Name of the Vulnerable Software and Affected Versions Loofah gem for Ruby versions through 2.3.0 Description The issue is related to the Loofah gem for Ruby, where unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. This could potentially allow a remote...

7.5CVSS6.5AI score0.01984EPSS
Exploits0References45
RedHat Linux
RedHat Linux
added 2019/08/06 12:40 p.m.8 views

ruby: Tainted flags are not propagated in Array#pack and String#unpack with some directives

An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats...

8.1CVSS7.3AI score0.07968EPSS
Exploits0References5
Prion
Prion
added 2019/07/30 10:15 p.m.24 views

Design/Logic Flaw

A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the 'servercacert' setting, the Ruby agent would not properly verify the certificate returned by the APM server. This could result in a man in the...

5.8CVSS7.3AI score0.00644EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2019/07/27 12:0 a.m.6 views

PT-2019-4672 · Ruby +8 · Ruby +8

Name of the Vulnerable Software and Affected Versions: Ruby versions 2.4.7 and earlier, 2.5.x through 2.5.6, 2.6.x through 2.6.4 Description: The issue is related to a regular expression Denial of Service caused by looping/backtracking in the WEBrick::HTTPAuth::DigestAuth class in Ruby. This can ...

9.8CVSS7.6AI score0.73927EPSS
Exploits32References359
OSV
OSV
added 2019/04/11 12:59 p.m.3 views

USN-3945-1 ruby1.9.1, ruby2.0, ruby2.3, ruby2.5 vulnerabilities

It was discovered that Ruby incorrectly handled certain RubyGems. An attacker could possibly use this issue to execute arbitrary commands. CVE-2019-8320 It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code...

8.8CVSS7AI score0.04212EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2018/11/29 10:10 a.m.5 views

ruby: Tainted flags are not propagated in Array#pack and String#unpack with some directives

An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats...

8.1CVSS7.3AI score0.07968EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2018/11/29 9:56 a.m.5 views

rubygems: Infinite loop vulnerability due to negative size in tar header causes Denial of Service

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can...

7.5CVSS7.3AI score0.04809EPSS
Exploits0References5
OSV
OSV
added 2018/11/05 7:26 p.m.3 views

USN-3808-1 ruby1.9.1, ruby2.0, ruby2.3, ruby2.5 vulnerabilities

It was discovered that Ruby incorrectly handled certain X.509 certificates. An attacker could possibly use this issue to bypass the certificate check. CVE-2018-16395 It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code...

9.8CVSS6.7AI score0.10715EPSS
Exploits0References3
OSV
OSV
added 2018/04/13 3:35 p.m.4 views

USN-3621-2 ruby1.9.1, ruby2.0 regression

USN-3621-1 fixed vulnerabilities in Ruby. The update caused an issue due to an incomplete patch for CVE-2018-1000074. This update reverts the problematic patch pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that Ruby incorrectly...

7.8CVSS7.4AI score0.02982EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2018/04/03 10:29 p.m.0 views

CVE-2018-8780

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed...

9.1CVSS5.4AI score0.10098EPSS
Exploits0References27
ATTACKERKB
ATTACKERKB
added 2018/04/03 10:29 p.m.1 views

CVE-2018-8779

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket...

7.5CVSS5.4AI score0.07169EPSS
Exploits0References24
ATTACKERKB
ATTACKERKB
added 2018/04/03 10:29 p.m.0 views

CVE-2018-8778

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format similar to format string vulnerabilities can trigger a buffer under-read in the Stringunpack method, resulting in a massive and controlled informatio...

7.5CVSS5.8AI score0.07825EPSS
Exploits0References24
NVD
NVD
added 2018/04/03 10:29 p.m.14 views

CVE-2018-8779

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket...

7.5CVSS8.5AI score0.07169EPSS
Exploits0References17
OSV
OSV
added 2018/04/03 10:29 p.m.3 views

ALPINE-CVE-2018-8777

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service memory consumption...

7.5CVSS6.8AI score0.04636EPSS
Exploits0References1
OSV
OSV
added 2018/04/03 10:29 p.m.2 views

ALPINE-CVE-2017-17742

Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick...

5.3CVSS6.9AI score0.0576EPSS
Exploits0References1
OSV
OSV
added 2018/04/03 10:29 p.m.2 views

DEBIAN-CVE-2017-17742

Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick...

5.3CVSS9.3AI score0.0576EPSS
Exploits0References1
OSV
OSV
added 2018/04/03 10:29 p.m.5 views

ALPINE-CVE-2018-8779

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket...

7.5CVSS6.9AI score0.07169EPSS
Exploits0References1
Rows per page
Query Builder