Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ruby vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2011-4121
The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on stron...
Ruby-lang Ruby
9.8
CVSSv3
CVE-2011-5330
Distributed Ruby (aka DRuby) 1.8 mishandles the sending of syscalls.
Distributed Ruby Project Distributed Ruby 1.8
1 Github repository
9.8
CVSSv3
CVE-2011-5331
Distributed Ruby (aka DRuby) 1.8 mishandles instance_eval.
Distributed Ruby Project Distributed Ruby 1.8
9.8
CVSSv3
CVE-2010-2446
Rbot Reaction plugin allows command execution
Ruby-rbot Rbot -
9.8
CVSSv3
CVE-2019-17383
The netaddr gem prior to 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem.
Netaddr Project Netaddr
9.8
CVSSv3
CVE-2019-16377
The makandra consul gem up to and including 1.0.2 for Ruby has Incorrect Access Control.
Makandra Consul
9.8
CVSSv3
CVE-2019-16060
The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist_keys configuration option and consequently may disclose passwords to unauthorized actors. This is fixed in 4.2.4 (also, 4.2.2 and previous versions are unaffected).
Airbrake Airbrake Ruby 4.2.3
9.8
CVSSv3
CVE-2019-15224
The rest-client gem 1.6.10 up to and including 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions <=1.6.9 and >=1.6.14 are unaffected.
Rest-client Project Rest-client
1 Article
9.8
CVSSv3
CVE-2019-5477
A command injection vulnerability in Nokogiri v1.10.3 and previous versions allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsa...
Nokogiri Nokogiri
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 19.10
Debian Debian Linux 8.0
Debian Debian Linux 10.0
1 Github repository
9.8
CVSSv3
CVE-2019-14281
The datagrid gem 1.0.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party.
Datagrid Project Datagrid 1.0.6
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »