14 matches found

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2011-4733

Malware in sbrugna...

CVSS 7.8, AI score 7.3, EPSS 0.00946
Exploits 2, References 23

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2011-2686

Malware in sbrugna...

CVSS 5, AI score 6, EPSS 0.00989
Exploits 0, References 19

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2004-0981

Malware in sbrugna...

CVSS 5, AI score 7.3, EPSS 0.01117
Exploits 0, References 11

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2011-1021

Malware in sbrugna...

CVSS 6.3, AI score 6, EPSS 0.00044
Exploits 0, References 22

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2016-3420

Malware in sbrugna...

CVSS 9.8, AI score 9.3, EPSS 0.01274
Exploits 2, References 4

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2009-0645

Malware in sbrugna...

CVSS 6.8, AI score 6, EPSS 0.00974
Exploits 1, References 17

Tenable Nessus
added 2025/04/20 12:0 a.m., 11 views

Azure Linux 3.0 Security Update: ruby (CVE-2025-27221)

The version of ruby installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27221 advisory. - In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URI#merge, URI#+ have an inadvertent...

CVSS 5.3, AI score 6.9, EPSS 0.00156
Exploits 0, References 2

OSV
added 2025/01/27 7:20 a.m., 16 views

BIT-RUBY-MIN-2021-33621

The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object...

CVSS 8.8, AI score 8.6, EPSS 0.01371
Exploits 1, References 9

OSV
added 2025/01/27 7:20 a.m., 7 views

BIT-RUBY-MIN-2021-41819

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...

CVSS 7.5, AI score 8.1, EPSS 0.00765
Exploits 1, References 7

OSV
added 2025/01/27 7:20 a.m., 11 views

BIT-RUBY-MIN-2022-28738

A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations...

CVSS 9.8, AI score 9.2, EPSS 0.00459
Exploits 0, References 6

Debian CVE
added 2018/04/03 10:0 p.m., 29 views

CVE-2018-8778

Removed by vendor...

CVSS 7.5, AI score 8.7, EPSS 0.00537
Exploits 0

exploitpack
added 2017/12/02 12:0 a.m., 98 views

Ruby 2.2.8 2.3.5 2.4.2 2.5.0-preview1 - NET::Ftp Command Injection

While using NET::Ftp I realised you could get command execution through "malicious" file names. The problem lies in the gettextfile(remotefile, localfile = File.basename(remotefile)) method. When looking at the source code, you'll not...

CVSS 9.3, AI score 8.1, EPSS 0.88646
Exploits 5

Cvelist
added 2013/04/25 11:0 p.m., 23 views

CVE-2012-4466

Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than...

AI score 6.7, EPSS 0.02189
Exploits 1, References 9

UbuntuCve
added 2012/10/05 12:0 a.m., 39 views

CVE-2012-4481

The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005...

CVSS 4.3, AI score 5.9, EPSS 0.00488
Exploits 1, References 4