Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ruby vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-36006
Arvados is an open source platform for managing, processing, and sharing genomic and other large scientific and biomedical data. A remote code execution (RCE) vulnerability in the Arvados Workbench allows authenticated malicious users to execute arbitrary code via specially craft...
Arvados Arvados
NA
CVE-2022-1158
A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the...
Linux Linux Kernel
Fedoraproject Fedora 36
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
NA
CVE-2022-31163
TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions before 0.36.1, as well as those before 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby...
Tzinfo Project Tzinfo
Debian Debian Linux 10.0
2 Github repositories
6.8
CVSSv2
CVE-2022-31115
opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions before 2.0.1 the ruby `YAML.load` function was used instead of `YAML.safe_load`. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the respon...
Amazon Opensearch
4.3
CVSSv2
CVE-2021-3779
A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later.
Ruby-mysql Project Ruby-mysql
4.3
CVSSv2
CVE-2022-32209
# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3#...
Rubyonrails Rails Html Sanitizers
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Debian Debian Linux 10.0
6.8
CVSSv2
CVE-2022-31625
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vul...
Php Php
Debian Debian Linux 10.0
Debian Debian Linux 11.0
2.1
CVSSv2
CVE-2022-31072
Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 and 4.24.0 of the octokit gem were published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to `-rw-rw-rw-` (i.e. 0666) instead of `rw-r--r--` (i.e. 0644). Th...
Octokit Project Octokit 4.24.0
Octokit Project Octokit 4.23.0
5
CVSSv2
CVE-2022-31033
The Mechanize library is used for automating interaction with websites. Mechanize automatically stores and sends cookies, follows redirects, and can follow links and submit forms. In versions before 2.8.5 the Authorization header is leaked after a redirect to a different port on ...
Mechanize Project Mechanize
Fedoraproject Fedora 35
Fedoraproject Fedora 36
7.5
CVSSv2
CVE-2022-32511
jmespath.rb (aka JMESPath for Ruby) prior to 1.6.1 uses JSON.load in a situation where JSON.parse is preferable.
Jmespath Project Jmespath
Fedoraproject Fedora 35
Fedoraproject Fedora 36
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5274
CVE-2024-35388
CVE-2024-35396
elevation of privilege
CVE-2021-47544
file upload
CVE-2021-47545
memory leak
CVE-2024-4956
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »