Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
puma vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2022-24790
Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request sta...
Puma Puma
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
5
CVSSv2
CVE-2020-5247
In Puma (RubyGem) prior to 4.3.2 and prior to 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an e...
Ruby-lang Ruby
Puma Puma
Ruby-lang Ruby 2.7.0
Debian Debian Linux 9.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
4.3
CVSSv2
CVE-2022-23634
Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to wor...
Puma Puma
Rubyonrails Rails
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
7.8
CVSSv2
CVE-2017-5693
Firmware in the Intel Puma 5, 6, and 7 Series might experience resource depletion or timeout, which allows a network malicious user to create a denial of service via crafted network traffic.
Intel Puma Firmware 5.0
Intel Puma Firmware 6.0 Soc
Intel Puma Firmware 7.0 Soc
4 Github repositories
1 Article
4.3
CVSSv2
CVE-2022-23633
Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next reques...
Rubyonrails Rails
Debian Debian Linux 10.0
Debian Debian Linux 11.0
5
CVSSv2
CVE-2019-16254
Ruby up to and including 2.4.7, 2.5.x up to and including 2.5.6, and 2.6.x up to and including 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a he...
Ruby-lang Ruby
Debian Debian Linux 8.0
2.1
CVSSv2
CVE-2022-0002
Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
Intel Celeron J4005 -
Intel Celeron N4100 -
Intel Celeron N4000 -
Intel Celeron J4105 -
Intel Celeron J3355 -
Intel Celeron N3350 -
Intel Celeron J3455 -
Intel Celeron N3450 -
Intel Atom X5-e3930 -
Intel Atom X5-e3940 -
Intel Atom X7-e3950 -
Intel Pentium Silver J5005 -
Intel Pentium Silver N5000 -
Intel Core I3-10110u -
Intel Core I3-1005g1 -
Intel Core I5-10210u -
Intel Core I5-10310y -
Intel Core I5-10210y -
Intel Core I5-1035g4 -
Intel Core I5-1035g7 -
Intel Core I5-1035g1 -
Intel Core I5-9300h -
1 Github repository
3 Articles
1.9
CVSSv2
CVE-2020-0551
Load value injection in some Intel(R) Processors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. The list of affected products is provided in intel-sa-00334: https://www.intel.com/c...
Intel Core I7-6700k -
Intel Atom C2750 -
Intel Celeron N2840 -
Intel Xeon E5-2658 V2 -
Intel Core I7-4500u -
Intel Core I7-3632qm -
Intel Xeon E3-1240 V5 -
Intel Xeon D-1649n -
Intel Xeon D-1633n -
Intel Xeon D-1637 -
Intel Xeon D-1627 -
Intel Xeon D-1623n -
Intel Xeon D-1622 -
Intel Xeon D-1653n -
Intel Xeon D-1602 -
Intel Xeon D-2141i -
Intel Xeon D-2177nt -
Intel Xeon D-2161i -
Intel Xeon D-2143it -
Intel Xeon D-2146nt -
Intel Xeon D-2145nt -
Intel Xeon D-2123it -
17 Github repositories
2 Articles
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2