161 matches found

SUSE CVE
added 2023/02/15 4:24 a.m., 2 views

SUSE CVE-2018-16468

In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished...

CVSS 6.4, AI score 6.9, EPSS 0.00314
Exploits 0, References 9

SUSE CVE
added 2023/02/15 4:20 a.m., 1 view

SUSE CVE-2018-1000201

ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String. This vulnerability appears to have been fixed in v1.9.24 and later...

CVSS 7.8, AI score 7, EPSS 0.00237
Exploits 0, References 3

SUSE CVE
added 2023/02/15 3:37 a.m., 2 views

SUSE CVE-2021-41819

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...

CVSS 6.5, AI score 7, EPSS 0.00765
Exploits 1, References 10

SUSE CVE
added 2023/02/15 3:26 a.m., 2 views

SUSE CVE-2022-29181

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6...

CVSS 7.1, AI score 7.5, EPSS 0.04183
Exploits 1, References 7

SUSE CVE
added 2023/02/15 3:25 a.m., 1 view

SUSE CVE-2022-31163

TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...

CVSS 7.5, AI score 6.8, EPSS 0.03833
Exploits 1, References 5

Snyk
added 2023/01/17 9:30 p.m., 1 view

Regular Expression Denial of Service (ReDoS)

Overview sisimai is a Ruby library for analyzing RFC5322 bounce emails and generating structured data from parsed results. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expressions in the function toplain of the...

CVSS 7.5, AI score 6.8, EPSS 0.00322
Exploits 1, References 2

Vulnrichment
added 2022/09/21 11:10 p.m., 5 views

CVE-2022-39224 Arbitrary shell execution when extracting or listing files contained in a malicious rpm.

Arr-pm is an RPM reader/writer library written in Ruby. Versions prior to 0.0.12 are subject to OS command injection resulting in shell execution if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class of this...

CVSS 7, AI score 8.1, EPSS 0.00266
Exploits 1, References 3

Tenable Nessus
added 2022/08/18 12:00 a.m., 73 views

Debian DLA-3077-1 : ruby-tzinfo - LTS security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3077 advisory. - TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior ...

CVSS 8.1, AI score 7, EPSS 0.03833
Exploits 1, References 4

NVD
added 2022/07/22 4:15 a.m., 16 views

CVE-2022-31163

TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...

CVSS 8.1, EPSS 0.03833
Exploits 1, References 7

UbuntuCve
added 2022/07/22 4:15 a.m., 37 views

CVE-2022-31163

TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...

CVSS 8.1, AI score 6.8, EPSS 0.03833
Exploits 1, References 5

CNNVD
added 2022/07/22 12:00 a.m., 2 views

TZInfo security vulnerability

TZInfo is a Ruby timezone library. A security vulnerability exists in TZInfo that stems from its susceptibility to relative path traversal causing TZInfo::Timezone.get to load arbitrary files. The following versions are affected: 0.3.60 and earlier, 1.0.0 through 1.2.9 only when used with the Rub...

CVSS 8.1, AI score 7.1, EPSS 0.03833
Exploits 1, References 16

Debian CVE
added 2022/07/21 1:30 p.m., 37 views

CVE-2022-31163

TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...

CVSS 8.1, AI score 6.7, EPSS 0.03833
Exploits 1

OSV
added 2022/07/21 1:30 p.m., 27 views

CVE-2022-31163 TZInfo relative path traversal vulnerability allows loading of arbitrary files

TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...

CVSS 7.5, AI score 6.8, EPSS 0.03833
Exploits 1, References 9

Vulnrichment
added 2022/07/21 1:30 p.m., 18 views

CVE-2022-31163 TZInfo relative path traversal vulnerability allows loading of arbitrary files

TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...

CVSS 7.5, AI score 6.8, EPSS 0.03833
Exploits 1, References 6

Cvelist
added 2022/07/21 1:30 p.m., 29 views

CVE-2022-31163 TZInfo relative path traversal vulnerability allows loading of arbitrary files

TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...

CVSS 7.5, AI score 8.2, EPSS 0.03833
Exploits 1, References 6

OSV
added 2022/06/28 5:15 p.m., 0 views

UBUNTU-CVE-2021-3779

A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later...

CVSS 6.5, AI score 5.8, EPSS 0.0039
Exploits 1, References 3

OSV
added 2022/06/15 11:15 p.m., 2 views

UBUNTU-CVE-2022-31072

Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 and 4.24.0 of the octokit gem were published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to -rw-rw-rw- i.e. 0666 instead of rw-r--r-- i.e. 0644. This means everyone who is...

CVSS 3.3, AI score 5.7, EPSS 0.00029
Exploits 0, References 4

CNNVD
added 2022/06/09 12:00 a.m., 2 views

Mechanize information disclosure vulnerability

Mechanize is an open source ruby library from Sparkle Motion. It is used to automate interactions with websites. A security vulnerability exists in versions of Mechanize prior to 2.8.5 that stems from an authorization header that leaks after redirecting to a different port on the same site...

CVSS 7.5, AI score 7.2, EPSS 0.00332
Exploits 0, References 6

ATTACKERKB
added 2022/06/06 10:15 p.m., 1 view

CVE-2022-32511

jmespath.rb aka JMESPath for Ruby before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable...

CVSS 9.8, AI score 7.3, EPSS 0.02082
Exploits 0, References 8

OSV
added 2022/06/06 10:15 p.m., 1 view

DEBIAN-CVE-2022-32511

jmespath.rb aka JMESPath for Ruby before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable...

CVSS 9.8, AI score 8.2, EPSS 0.02082
Exploits 0, References 1