2157 matches found
Linux Distros Unpatched Vulnerability : CVE-2007-0469
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The extractfiles function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote...
MAL-2025-1555 Malicious code in luno-cocoapods (RubyGems)
Source: ossf-package-analysis 9bb59e6b577e1a28cf71bf254ef70a0641db3319c1985827f792edb51ea14493 The OpenSSF Package Analysis project identified 'luno-cocoapods' @ 2.8.0 rubygems as malicious. It is considered malicious because: - The packag...
MAL-2025-1508 Malicious code in komojuu (RubyGems)
Source: ossf-package-analysis c9b92c44ca626e6347b7268f60a919598a96b7b49491c0e2eed6b9d7f0d3ab73 The OpenSSF Package Analysis project identified 'komojuu' @ 99.0.0 rubygems as malicious. It is considered malicious because: - The package...
CVE-2022-29176
Rubygems is a package registry used to supply software for the Ruby language ecosystem. Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so. To be vulnerable, a gem needed: one or more dashes i...
CVE-2022-29218
RubyGems is a package registry used to supply software for the Ruby language ecosystem. An ordering mistake in the code that accepts gem uploads allowed some gems with platforms ending in numbers, like arm64-darwin-21 to be temporarily replaced in the CDN cache by a malicious package. The bug has...
CVE-2024-28199
phlex is an open source framework for building object-oriented views in Ruby. There is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. This was due to improper case-sensitivity in the code that was meant to prevent these attacks. If you...
Malicious code in dextester (RubyGems)
MAL-2025-1010 Malicious code in dextester (RubyGems)
MAL-2024-10224 Malicious code in znowflake_client (RubyGems)
Malicious code in zen-ruby-linter (RubyGems)
MAL-2024-10223 Malicious code in zen-ruby-linter (RubyGems)
MAL-2024-10222 Malicious code in zbt_element_definer (RubyGems)
Malicious code in johnny_five (RubyGems)
MAL-2024-10221 Malicious code in johnny_five (RubyGems)
Security Bulletin: IBM Cloud Pak for Data is vulnerable to expose sensitive information due to RubyGems activesupport ( CVE-2023-38037 )
Summary: RubyGems activesupport is used by IBM Cloud Pak for Data as part of the platform. CVE-2023-38037. Vulnerability Details: CVEID: CVE-2023-38037 DESCRIPTION: RubyGems activesupport gem could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the...
rexml: DoS vulnerability in REXML
A vulnerability was found in REXML RubyGems. This package is vulnerable to denial of service (DoS) when parsing a deep XML structure with the same local name attribute. This vulnerability only affects tree parser APIs like REXML::Document.new; other parser APIs such as stream parser API and SAX2...
RHSA-2014:0207 Red Hat Security Advisory: rubygems security update
Bulletin has no description...
RHSA-2013:1441 Red Hat Security Advisory: rubygems security update
Bulletin has no description...
RHSA-2013:1203 Red Hat Security Advisory: rubygems security update
Bulletin has no description...