Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rubygems rubygems vulnerabilities and exploits
(subscribe to this query)
570
VMScore
CVE-2012-6135
RubyGems passenger 4.0.0 betas 1 and 2 allows remote malicious users to delete arbitrary files during the startup process.
Phusion Passenger 4.0.0
Redhat Openshift 1.0
552
VMScore
CVE-2014-3248
Untrusted search path vulnerability in Puppet Enterprise 2.8 prior to 2.8.7, Puppet prior to 2.7.26 and 3.x prior to 3.6.2, Facter 1.6.x and 2.x prior to 2.0.2, Hiera prior to 1.3.4, and Mcollective prior to 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to ga...
Puppetlabs Facter
Puppet Facter 2.0.1
Puppet Facter 2.0.0
Puppet Marionette Collective
Puppet Hiera
Puppet Puppet
Puppet Puppet Enterprise
534
VMScore
CVE-2022-29176
Rubygems is a package registry used to supply software for the Ruby language ecosystem. Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so. To be vulnerable, a gem needed: one...
Rubygems Rubygems.org -
1 Github repository
516
VMScore
CVE-2021-32066
An issue exists in Ruby up to and including 2.6.7, 2.7.x up to and including 2.7.3, and 3.x up to and including 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle malicious users to bypass the TLS prot...
Ruby-lang Ruby
Oracle Jd Edwards Enterpriseone Tools
516
VMScore
CVE-2020-15240
omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. Improper validation of the JWT token signature can allow an malicious user to bypass authentication and authorization. You are a...
Auth0 Omniauth-auth0
516
VMScore
CVE-2012-2125
RubyGems prior to 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote malicious users to observe or modify a gem during installation via a man-in-the-middle attack.
Rubygems Rubygems 1.8.19
Rubygems Rubygems 1.8.18
Rubygems Rubygems 1.8.10
Rubygems Rubygems 1.8.9
Rubygems Rubygems 1.8.2
Rubygems Rubygems 1.8.1
Rubygems Rubygems 1.8.17
Rubygems Rubygems 1.8.16
Rubygems Rubygems 1.8.15
Rubygems Rubygems 1.8.8
Rubygems Rubygems 1.8.7
Rubygems Rubygems 1.8.0
Rubygems Rubygems 1.8.21
Rubygems Rubygems 1.8.20
Rubygems Rubygems 1.8.12
Rubygems Rubygems 1.8.11
Rubygems Rubygems 1.8.4
Rubygems Rubygems 1.8.3
Rubygems Rubygems
Rubygems Rubygems 1.8.14
Rubygems Rubygems 1.8.13
Rubygems Rubygems 1.8.6
446
VMScore
CVE-2021-41819
CGI::Cookie.parse in Ruby up to and including 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem up to and including 0.3.0 for Ruby.
Ruby-lang Ruby
Ruby-lang Cgi 0.3.0
Ruby-lang Cgi 0.2.0
Ruby-lang Cgi 0.1.0
Redhat Enterprise Linux 8.0
Redhat Software Collections -
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Suse Linux Enterprise 12.0
Suse Linux Enterprise 15.0
Suse Linux Enterprise 11.0
Opensuse Factory -
Opensuse Leap 15.2
Fedoraproject Fedora 34
Fedoraproject Fedora 35
446
VMScore
CVE-2021-41817
Date.parse in the date gem up to and including 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
Ruby-lang Date
Ruby-lang Date 3.2.0
Ruby-lang Ruby
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Redhat Software Collections -
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Suse Linux Enterprise 12.0
Suse Linux Enterprise 15.0
Opensuse Factory -
Opensuse Leap 15.2
446
VMScore
CVE-2021-28965
The REXML gem prior to 3.2.5 in Ruby prior to 2.6.7, 2.7.x prior to 2.7.3, and 3.x prior to 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.
Ruby-lang Ruby
Ruby-lang Rexml
Fedoraproject Fedora 34
2 Github repositories
445
VMScore
CVE-2022-29218
RubyGems is a package registry used to supply software for the Ruby language ecosystem. An ordering mistake in the code that accepts gem uploads allowed some gems (with platforms ending in numbers, like `arm64-darwin-21`) to be temporarily replaced in the CDN cache by a malicious...
Rubygems Rubygems.org -
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »