79 matches found

OSV
added 2024/11/19 6:15 p.m., 20 views

CVE-2024-48992

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable...

CVSS 7.8, AI score 7.6, EPSS 0.00728
Exploits: 2, References: 6

CVE
added 2024/11/19 5:38 p.m., 66 views

CVE-2024-48992

CVE-2024-48992 affects needrestart before 3.8. An attacker could trigger arbitrary root commands by supplying an attacker-controlled RUBYLIB and tricking the Ruby interpreter, per the initial description. The TencentOS Server 4 advisory also notes that needrestart passes unsanitized data to Modul...

CVSS 7.8, AI score 7.9, EPSS 0.00728
Exploits: 2, References: 6, Affected Software: 1

Vulnrichment
added 2024/11/19 5:38 p.m., 35 views

CVE-2024-48992

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable...

CVSS 7.8, AI score 8, EPSS 0.00728
Exploits: 2, References: 3

Debian CVE
added 2024/11/19 5:38 p.m., 12 views

CVE-2024-48992

Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable...

CVSS 7.8, AI score 8.6, EPSS 0.00728
Exploits: 2

CNNVD
added 2024/11/19 12:00 a.m., 3 views

needrestart permissions, privileges, and access control vulnerability

needrestart is a tool by the individual developer liske for checking which daemons need to be restarted after an upgrade. Versions of needrestart prior to 3.8 contain a security vulnerability that allows a local attacker to run the Ruby interpreter by tricking needresta...

CVSS 7.8, AI score 8, EPSS 0.00728
Exploits: 2, References: 5

BDU FSTEC
added 2024/11/14 12:00 a.m., 1 view

The vulnerability of the `block_format` function in the Action Text interpreter for Ruby allows a hacker to trigger a service failure.

The vulnerability of the `block_format` function in the Action Text extension of the Ruby interpreter is related to the use of a regular expression with high computational complexity. Exploiting this vulnerability could allow an attacker, operating remotely, to cause service failures...

CVSS 3.7, AI score 5.7, EPSS 0.00317
Exploits: 0, References: 10, Affected Software: 6

Redos
added 2024/10/29 12:00 a.m., 16 views

ROS-20241029-11

A vulnerability in the `block_format` function of the Ruby interpreter with the Action Mailer Gem extension is related to the execution of the function for an unexpectedly large amount of time. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 8.7, AI score 7.1, EPSS 0.00317
Exploits: 0

Redos
added 2024/10/29 12:00 a.m., 14 views

ROS-20241029-09

A vulnerability in the plaintextforblockquotenode function of the Ruby interpreter with the Action Text Gem extension is related to the execution of the function for an unexpectedly large amount of time. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial o...

CVSS 8.7, AI score 7.2, EPSS 0.00476
Exploits: 0

Redos
added 2024/10/29 12:00 a.m., 25 views

ROS-20241029-02

A vulnerability in the Action Dispatch component of the Ruby interpreter with the Action Pack extension is related to bugs in the procedures for filtering Action Dispatch request parameters. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A...

CVSS 8.7, AI score 7.3, EPSS 0.00557
Exploits: 0

Redos
added 2024/08/28 12:00 a.m., 11 views

ROS-20240827-20

The vulnerability in the Ruby interpreter is related to improper neutralization of input data during generation of a web page. Exploitation of the vulnerability could allow an attacker acting locally to conduct cross-site scripting. Vulnerability in the Active Storage component of the Ruby...

CVSS 6.1, AI score 6.1, EPSS 0.02363
Exploits: 1

Redos
added 2024/08/28 12:00 a.m., 11 views

ROS-20240827-03

A vulnerability in the file actionpack/lib/actiondispatch/middleware/templates/routes/table.html.erb of the Ruby interpreter is related to incorrect neutralization of input data during generation of a web page. Exploitation of the vulnerability could allow an attacker acting locally to conduc...

CVSS 5.4, AI score 6.3, EPSS 0.00287
Exploits: 1

Redos
added 2024/08/28 12:00 a.m., 12 views

ROS-20240827-19

The vulnerability in the Ruby interpreter is related to improper neutralization of input data during the generation of a web page. Exploitation of the vulnerability could allow an attacker acting locally to conduct cross-site scripting. Vulnerability in the Active Storage component of the Rub...

CVSS 6.1, AI score 6.1, EPSS 0.02363
Exploits: 1

Redos
added 2024/08/28 12:00 a.m., 19 views

ROS-20240827-06

The vulnerability in the Ruby interpreter is related to improper neutralization of input data during the generation of a web page. Exploitation of the vulnerability could allow an attacker acting locally to conduct cross-site scripting. Vulnerability in the Active Storage component of the Rub...

CVSS 6.1, AI score 6.2, EPSS 0.02363
Exploits: 1

Redos
added 2024/08/28 12:00 a.m., 13 views

ROS-20240827-18

A vulnerability in the actionpack/lib/actiondispatch/middleware/templates/routes/table.html.erb file of the Ruby interpreter is related to incorrect neutralization of input data during generation of a web page. Exploitation of the vulnerability could allow an attacker acting locally to conduc...

CVSS 5.4, AI score 6.3, EPSS 0.00287
Exploits: 1

Redos
added 2024/08/26 12:00 a.m., 16 views

ROS-20240826-09

The vulnerability in the Time library of the Ruby interpreter is related to the use of a regular expression with inefficient computational complexity. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service. Vulnerability in the URI component of the Ruby...

CVSS 5.3, AI score 7.1, EPSS 0.00604
Exploits: 0

Redos
added 2024/07/24 12:00 a.m., 22 views

ROS-20240723-03

A vulnerability in the Ruby interpreter's Net::FTP class implementation is related to flaws in service data protection using the PASV command. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information.

CVSS 7.4, AI score 7.2, EPSS 0.00668
Exploits: 2

BDU FSTEC
added 2024/05/13 12:00 a.m., 1 view

The vulnerability of the Ruby interpreter, related to buffer overflows in the heap, allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Ruby programming language interpreter is related to buffer overflow attacks. Exploiting this vulnerability can allow attackers to compromise the confidentiality, integrity, and accessibility of the protected information...

CVSS 6.6, AI score 7.2, EPSS 0.00655
Exploits: 0, References: 8, Affected Software: 4

Redos
added 2024/05/08 12:00 a.m., 24 views

ROS-20240508-01

Vulnerability in the Rack module of the Ruby interpreter is related to incorrect implementation of the Ruby programming language of handling invalid URLs. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.

CVSS 7.5, AI score 7, EPSS 0.00775
Exploits: 2

BDU FSTEC
added 2024/03/26 12:00 a.m., 1 view

The vulnerability of the Nokogiri library in the Ruby interpreter allows a hacker to disclose protected information or cause service failures.

The vulnerability of the Nokogiri library in the Ruby interpreter is related to improper handling of unexpected data types. Exploiting this vulnerability can allow an attacker to disclose protected information or cause service failures...

CVSS 8.5, AI score 6.8, EPSS 0.04183
Exploits: 1, References: 12, Affected Software: 13

Ubuntu
added 2023/06/21 8:42 a.m., 80 views

USN-6181-1: Ruby vulnerabilities

Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications that generate HTTP responses using the cgi gem. An attacker could possibly use this issue to maliciously modify the response a user would receive from a vulnerable application. This issue only affected...

CVSS 8.8, AI score 7.7, EPSS 0.011
Exploits: 1