
14164 matches found

Tenable Nessus
added 2024/02/29 12:00 a.m., 96 views

CentOS 9 : ruby-3.0.2-155.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ruby-3.0.2-155.el9 build changelog. - Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, whic...

CVSS 9.3, AI score 7.6, EPSS 0.25071
Exploits 3, References 5
Tenable Nessus
added 2024/02/29 12:00 a.m., 31 views

CentOS 9 : ruby-3.0.4-160.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ruby-3.0.4-160.el9 build changelog. - A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp fr...

CVSS 9.8, AI score 7.5, EPSS 0.00459
Exploits 0, References 3
CNNVD
added 2024/02/29 12:00 a.m., 4 views

json-jwt gem for Ruby Security Vulnerability

The json-jwt gem for Ruby is a Ruby-based JSON Web token. A security vulnerability exists in version 1.16.3 of the json-jwt gem for Ruby, which stems from a vulnerability that allows identity checks to be bypassed via a signature/cryptographic obfuscation attack...

CVSS 8.4, AI score 6.7, EPSS 0.00011
Exploits 1, References 3
OSV
added 2024/02/29 12:00 a.m., 0 views

UBUNTU-CVE-2024-27285

YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting XSS attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. This vulnerability is fixed in...

CVSS 6.1, AI score 7.1, EPSS 0.03316
Exploits 1, References 9
Debian CVE
added 2024/02/28 11:28 p.m., 29 views

CVE-2024-26141

Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the Rack::File middleware or the...

CVSS 7.5, AI score 6, EPSS 0.0041
Exploits 1
Vulnrichment
added 2024/02/28 11:28 p.m., 22 views

CVE-2024-26141 Possible DoS Vulnerability with Range Header in Rack

Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the Rack::File middleware or the...

CVSS 5.8, AI score 6.5, EPSS 0.0041
Exploits 1, References 7
CVE
added 2024/02/28 11:28 p.m., 395 views

CVE-2024-26141

CVE-2024-26141 affects Rack, the modular Ruby web server interface. The issue arises when handling Range headers, allowing a server to respond with an unexpectedly large payload and potentially causing a denial of service in vulnerable Rack-based apps (including Rails) that use Rack::File or Rack...

CVSS 7.5, AI score 5.5, EPSS 0.0041
Exploits 1, References 7, Affected Software 1
Cvelist
added 2024/02/28 11:28 p.m., 26 views

CVE-2024-26141 Possible DoS Vulnerability with Range Header in Rack

Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the Rack::File middleware or the...

CVSS 5.8, AI score 5.6, EPSS 0.0041
Exploits 1, References 7
Vulnrichment
added 2024/02/28 11:28 p.m., 28 views

CVE-2024-25126 Rack ReDos in content type parsing (2nd degree polynomial)

Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability ReDos 2nd degree polynomial. This vulnerability is patched in 3.0.9.1 and 2.2.8.1...

CVSS 5.3, AI score 6.5, EPSS 0.0045
Exploits 1, References 7
CVE
added 2024/02/28 11:28 p.m., 402 views

CVE-2024-25126

Rack (Ruby) is affected by CVE-2024-25126, a Denial of Service caused by pathological parsing of Content-Type headers in Rack’s media type parser. The issue is disclosed across multiple advisories and is addressed by patches in Rack versions 3.0.9.1 and 2.2.8.1. In connected advisories, related D...

CVSS 7.5, AI score 5.6, EPSS 0.0045
Exploits 1, References 7, Affected Software 1
Cvelist
added 2024/02/28 11:28 p.m., 27 views

CVE-2024-25126 Rack ReDos in content type parsing (2nd degree polynomial)

Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability ReDos 2nd degree polynomial. This vulnerability is patched in 3.0.9.1 and 2.2.8.1...

CVSS 5.3, AI score 5.5, EPSS 0.0045
Exploits 1, References 7
Debian CVE
added 2024/02/28 11:28 p.m., 40 views

CVE-2024-25126

Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability ReDos 2nd degree polynomial. This vulnerability is patched in 3.0.9.1 and 2.2.8.1...

CVSS 7.5, AI score 6, EPSS 0.0045
Exploits 1
CVE
added 2024/02/28 11:28 p.m., 391 views

CVE-2024-26146

CVE-2024-26146 affects Rack (Ruby web server interface). It describes a Denial of Service due to header parsing delays caused by crafted Accept and Forwarded headers. Public details in connected sources confirm the impact is a DoS threat from header parsing in Rack; affected code path is Rack::Re...

CVSS 7.5, AI score 5.7, EPSS 0.00775
Exploits 0, References 9, Affected Software 1
OSV
added 2024/02/28 11:28 p.m., 34 views

CVE-2024-26146 Possible Denial of Service Vulnerability in Rack Header Parsing

Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ru...

CVSS 5.3, AI score 5.8, EPSS 0.00775
Exploits 0, References 11
Debian CVE
added 2024/02/28 11:28 p.m., 36 views

CVE-2024-26146

Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ru...

CVSS 7.5, AI score 6, EPSS 0.00775
Exploits 0
Cvelist
added 2024/02/28 11:28 p.m., 22 views

CVE-2024-26146 Possible Denial of Service Vulnerability in Rack Header Parsing

Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ru...

CVSS 5.3, AI score 5.5, EPSS 0.00775
Exploits 0, References 9
Vulnrichment
added 2024/02/28 11:28 p.m., 26 views

CVE-2024-26146 Possible Denial of Service Vulnerability in Rack Header Parsing

Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ru...

CVSS 5.3, AI score 5.7, EPSS 0.00775
Exploits 0, References 9
OSV
added 2024/02/28 10:57 p.m., 27 views

GHSA-54RR-7FVW-6X8F Rack Header Parsing leads to Possible Denial of Service Vulnerability

Possible Denial of Service Vulnerability in Rack Header Parsing There is a possible denial of service vulnerability in the header parsing routines in Rack. This vulnerability has been assigned the CVE identifier CVE-2024-26146. Versions Affected: All. Not affected: None Fixed Versions: 2.0.9.4,...

CVSS 7.5, AI score 6.3, EPSS 0.00833
Exploits 0, References 9
Github Security Blog
added 2024/02/28 10:57 p.m., 17 views

Rack Header Parsing leads to Possible Denial of Service Vulnerability

Possible Denial of Service Vulnerability in Rack Header Parsing There is a possible denial of service vulnerability in the header parsing routines in Rack. This vulnerability has been assigned the CVE identifier CVE-2024-26146. Versions Affected: All. Not affected: None Fixed Versions: 2.0.9.4,...

CVSS 7.5, AI score 7, EPSS 0.00775
Exploits 0, References 9, Affected Software 1
NVD
added 2024/02/28 8:15 p.m., 13 views

CVE-2024-27285

YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting XSS attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. This vulnerability is fixed in...

CVSS 6.1, AI score 5, EPSS 0.03316
Exploits 1, References 7