ruby vulnerabilities and exploits
755
VMScore
CVE-2006-3964
PHP remote file inclusion vulnerability in members.php in Banex PHP MySQL Banner Exchange 2.21 allows remote malicious users to execute arbitrary PHP code via a URL in the cfg_root parameter.
Banex Banex 2.21
1 EDB exploit
725
VMScore
CVE-2017-7642
The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) prior to 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable.
Hashicorp Vagrant Vmware Fusion
1 EDB exploit
720
VMScore
CVE-2013-4164
Heap-based buffer overflow in Ruby 1.8, 1.9 prior to 1.9.3-p484, 2.0 prior to 2.0.0-p353, 2.1 prior to 2.1.0 preview2, and trunk before revision 43780 allows context-dependent malicious users to cause a denial of service (segmentation fault) and possibly execute arbitrary code vi...
Ruby-lang Ruby 2.1
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 1.9
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 1.9.1
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby 1.8
720
VMScore
CVE-2013-0233
Devise gem 2.2.x prior to 2.2.3, 2.1.x prior to 2.1.3, 2.0.x prior to 2.0.5, and 1.5.x prior to 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote malicious users to cause incorrect re...
Plataformatec Devise 2.0.0
Plataformatec Devise 1.5.3
Plataformatec Devise 1.5.2
Plataformatec Devise 1.5.1
Plataformatec Devise 2.2.0
Plataformatec Devise 2.1.2
Plataformatec Devise 2.1.1
Plataformatec Devise 2.1.0
Plataformatec Devise 2.2.1
Plataformatec Devise 2.0.4
Plataformatec Devise 2.0.2
Plataformatec Devise 2.2.2
Plataformatec Devise 2.0.3
Plataformatec Devise 2.0.1
Plataformatec Devise 1.5.0
Opensuse Opensuse 12.2
695
VMScore
CVE-2019-16201
WEBrick::HTTPAuth::DigestAuth in Ruby up to and including 2.4.7, 2.5.x up to and including 2.5.6, and 2.6.x up to and including 2.6.4 has a regular expression Denial of Service caused by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Intern...
Ruby-lang Ruby
Debian Debian Linux 8.0
2 Github repositories
694
VMScore
CVE-2011-4815
Ruby (aka CRuby) prior to 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent malicious users to cause a denial of service (CPU consumption) via crafted input to an application that maintains a has...
Ruby-lang Ruby 1.8.7-p334
Ruby-lang Ruby 1.8.7-p330
Ruby-lang Ruby 1.8.7-p302
Ruby-lang Ruby 1.8.7-p299
Ruby-lang Ruby
694
VMScore
CVE-2008-2664
The rb_str_format function in Ruby 1.8.4 and previous versions, 1.8.5 prior to 1.8.5-p231, 1.8.6 prior to 1.8.6-p230, 1.8.7 prior to 1.8.7-p22, and 1.9.0 prior to 1.9.0-2 allows context-dependent malicious users to trigger memory corruption via unspecified vectors related to allo...
Ruby-lang Ruby
Debian Debian Linux 4.0
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 6.06
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 8.04
694
VMScore
CVE-2008-2725
Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and previous versions, 1.8.5 prior to 1.8.5-p231, 1.8.6 prior to 1.8.6-p230, and 1.8.7 prior to 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent malicious users to trigger memory corr...
Ruby-lang Ruby
Debian Debian Linux 4.0
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 6.06
694
VMScore
CVE-2008-2726
Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and previous versions, 1.8.5 prior to 1.8.5-p231, 1.8.6 prior to 1.8.6-p230, 1.8.7 prior to 1.8.7-p22, and 1.9.0 prior to 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent malicious user...
Ruby-lang Ruby
Debian Debian Linux 4.0
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 6.06
685
VMScore
CVE-2008-7248
Ruby on Rails 2.1 prior to 2.1.3 and 2.2.x prior to 2.2.2 does not verify tokens for requests with certain content types, which allows remote malicious users to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demon...
Rubyonrails Rails 2.1.0
Rubyonrails Rails 2.1.1
Rubyonrails Rails 2.1.2
Rubyonrails Rails 2.2.0
Rubyonrails Rails 2.2.1
1 EDB exploit