274 matches found

RedhatCVE, added 2025/05/22 5:36 a.m., 8 views

CVE-2013-5647

lib/sounder/sound.rb in the sounder gem 1.0.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a filename...

CVSS 7.5 | AI score 8.3 | EPSS 0.01987
Exploits 1 | References 1

RedhatCVE, added 2025/05/22 3:33 a.m., 6 views

CVE-2013-4457

The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted hash object, related to recursive variable interpolation...

CVSS 6.8 | AI score 7.7 | EPSS 0.01453
Exploits 0 | References 1

RedhatCVE, added 2025/05/22 2:15 a.m., 7 views

CVE-2015-8314

The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access...

CVSS 7.5 | AI score 6.7 | EPSS 0.00618
Exploits 0 | References 1

OpenVAS, added 2025/05/07 12:00 a.m., 11 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2025-1440)

The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description...

CVSS 7.4 | AI score 8.1 | EPSS 0.00626
Exploits 0 | References 2

Tenable Nessus, added 2025/05/06 12:00 a.m., 10 views

EulerOS 2.0 SP12 : ruby (EulerOS-SA-2025-1440)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously...

CVSS 7.4 | AI score 7.2 | EPSS 0.00626
Exploits 0 | References 2

Tenable Nessus, added 2025/04/20 12:00 a.m., 14 views

Azure Linux 3.0 Security Update: ruby (CVE-2025-27220)

The version of ruby installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27220 advisory. - In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the...

CVSS 7.5 | AI score 7.1 | EPSS 0.00702
Exploits 0 | References 2

Tenable Nessus, added 2025/04/20 12:00 a.m., 29 views

Azure Linux 3.0 Security Update: ruby (CVE-2025-27219)

The version of ruby installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27219 advisory. - In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential...

CVSS 7.5 | AI score 7.1 | EPSS 0.00784
Exploits 0 | References 2

CBLMariner, added 2025/04/19 12:20 a.m., 7 views

CVE-2025-27221 affecting package ruby for versions less than 3.3.5-3

CVE-2025-27221 affecting package ruby for versions less than 3.3.5-3. A patched version of the package is available...

CVSS 5.3 | AI score 7.3 | EPSS 0.00472
Exploits 0

CBLMariner, added 2025/04/16 3:08 p.m., 8 views

CVE-2025-25186 affecting package ruby for versions less than 3.3.5-2

CVE-2025-25186 affecting package ruby for versions less than 3.3.5-2. A patched version of the package is available...

CVSS 6.5 | AI score 7 | EPSS 0.00578
Exploits 0

Tenable Nessus, added 2025/04/01 12:00 a.m., 48 views

EulerOS 2.0 SP13 : ruby (EulerOS-SA-2025-1326)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously...

CVSS 7.4 | AI score 7.2 | EPSS 0.00626
Exploits 0 | References 2

Tenable Nessus, added 2025/04/01 12:00 a.m., 7 views

EulerOS 2.0 SP13 : ruby (EulerOS-SA-2025-1343)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously...

CVSS 7.4 | AI score 7.2 | EPSS 0.00626
Exploits 0 | References 2

Tenable Nessus, added 2025/03/25 12:00 a.m., 18 views

Photon OS 5.0: Ruby PHSA-2025-5.0-0488

An update of the ruby package has been released. %NASL_MIN_LEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0488. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if(description...

CVSS 7.5 | AI score 7.5 | EPSS 0.00784
Exploits 0 | References 4

Tenable Nessus, added 2025/03/20 12:00 a.m., 12 views

CBL Mariner 2.0 Security Update: ruby (CVE-2025-27219)

The version of ruby installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27219 advisory. - In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential...

CVSS 7.5 | AI score 7.1 | EPSS 0.00784
Exploits 0 | References 2

Tenable Nessus, added 2025/03/20 12:00 a.m., 12 views

CBL Mariner 2.0 Security Update: ruby (CVE-2025-27221)

The version of ruby installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27221 advisory. - In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent...

CVSS 5.3 | AI score 6.9 | EPSS 0.00472
Exploits 0 | References 2

Veracode, added 2025/03/19 6:08 p.m., 21 views

Remote Code Execution (RCE)

graphql-ruby is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe schema loading: arbitrary code can be executed when a malicious schema definition from an untrusted source is processed using GraphQL::Schema.from_introspection or GraphQL::Schema::Loader.load...

CVSS 9 | AI score 8.6 | EPSS 0.02865
Exploits 2 | References 15 | Affected Software 1

CBLMariner, added 2025/03/19 3:08 p.m., 6 views

CVE-2025-27221 affecting package ruby for versions less than 3.1.4-9

CVE-2025-27221 affecting package ruby for versions less than 3.1.4-9. A patched version of the package is available...

CVSS 5.3 | AI score 6.9 | EPSS 0.00472
Exploits 0

NVD, added 2025/03/12 7:15 p.m., 27 views

CVE-2025-27407

graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in GraphQL::Schema.from_introspection or GraphQL::Schema::Loader.load can result in remote code...

CVSS 9 | EPSS 0.02865
Exploits 2 | References 11

NVD, added 2025/03/12 2:15 p.m., 8 views

CVE-2025-27788

JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out-of-bounds read, most likely resulting in a crash. Versions prior to 2.10.0 are not vulnerable. Version 2.10.2 fixes the problem. No known workarounds are...

CVSS 7.5 | EPSS 0.00665
Exploits 0 | References 3

Debian CVE, added 2025/03/12 1:51 p.m., 8 views

CVE-2025-27788

JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out-of-bounds read, most likely resulting in a crash. Versions prior to 2.10.0 are not vulnerable. Version 2.10.2 fixes the problem. No known workarounds are...

CVSS 7.5 | AI score 7.3 | EPSS 0.00665
Exploits 0

Positive Technologies, added 2025/03/12 12:00 a.m., 7 views

PT-2025-11124

Name of the Vulnerable Software and Affected Versions: OpenShift (affected versions not specified), Ruby (affected versions not specified). Description: The issue concerns credential exposure in OpenShift and an out-of-bounds read in Ruby. Recommendations: At the moment, there is no information about a...

AI score 5.4
Exploits 1 | References 40