CVE-2013-1947

kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to 1 document.rb, 2 video.rb, or 3 videoimage.rb...

CVE-2014-10075

The karo gem 2.3.8 for Ruby allows Remote command injection via the host field...

CVE-2013-5647

lib/sounder/sound.rb in the sounder gem 1.0.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a filename...

CVE-2013-0284

Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when communicating with servers operated by New Relic, which allows remote attackers to obtain sensitive information database credentials and SQL statements by sniffing the network and deserializing the data...

CVE-2011-5331

Distributed Ruby aka DRuby 1.8 mishandles instanceeval...

CVE-2019-14282

The simplecaptcha2 gem 0.2.3 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party...

CVE-2019-13589

The paranoid2 gem 1.1.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.1.5...

CVE-2013-4457

The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted has object, related to recursive variable interpolation...

CVE-2015-8314

The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access...

CVE-2015-20108

xmlsecurity.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used...

CVE-2012-6134

Cross-site request forgery CSRF vulnerability in the omniauth-oauth2 gem 1.1.1 and earlier for Ruby allows remote attackers to hijack the authentication of users for requests that modify session state...

Security update for rubygem-rack

This update for rubygem-rack fixes the following issues: CVE-2025-46727: possible memory exhaustion due to unbounded parameter parsing in Rack::QueryParser bsc1242894. CVE-2025-32441: deleted sessions can be restored and occupied by unauthenticated users when the Rack::Session::Pool middleware is...

Astra Linux - уязвимость в yajl

yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large 2GB inputs. The reallocation logic at yajlbuf.cL64 may result in the need 32bit...

Oracle Linux 8 : ruby:2.5 (ELSA-2025-7539)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-7539 advisory. - Fix integer overflow in searchinrange function in regexec.c CVE-2019-19012. Resolves: RHEL-87505 rubygem-abrt rubygem-bson rubygem-bundler Tenable ha...

Ubuntu: Security Advisory (USN-7507-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ruby3.4-rubygem-globalid-1.2.1-1.7 on GA media (moderate)

ruby3.4-rubygem-globalid-1.2.1-1.7 on GA media Announcement ID: openSUSE-SU-2025:15116-1 Rating: moderate Cross-References: CVE-2023-22799 CVSS scores: CVE-2023-22799 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Tumbleweed An update that solves one...

ruby3.4-rubygem-websocket-extensions-0.1.5-1.22 on GA media (moderate)

ruby3.4-rubygem-websocket-extensions-0.1.5-1.22 on GA media Announcement ID: openSUSE-SU-2025:15130-1 Rating: moderate Cross-References: CVE-2020-7663 CVSS scores: CVE-2020-7663 SUSE : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Affected Products: openSUSE Tumbleweed An update that solves on...

ruby3.4-rubygem-activestorage-7.0-7.0.8.6-1.3 on GA media (moderate)

ruby3.4-rubygem-activestorage-7.0-7.0.8.6-1.3 on GA media Announcement ID: openSUSE-SU-2025:15113-1 Rating: moderate Cross-References: CVE-2022-21831 CVSS scores: CVE-2022-21831 SUSE : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Tumbleweed An update that solves on...

ruby3.4-rubygem-multi_xml-0.6.0-1.29 on GA media (moderate)

ruby3.4-rubygem-multixml-0.6.0-1.29 on GA media Announcement ID: openSUSE-SU-2025:15122-1 Rating: moderate Cross-References: CVE-2013-0175 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

ruby3.4-rubygem-puma-6.4.3-1.3 on GA media (moderate)

ruby3.4-rubygem-puma-6.4.3-1.3 on GA media Announcement ID: openSUSE-SU-2025:15123-1 Rating: moderate Cross-References: CVE-2019-16770 CVE-2020-11076 CVE-2022-23634 CVE-2024-45614 CVSS scores: CVE-2019-16770 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-11076 SUSE : 6.8...