Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ruby vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2022-24795
yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may...
Yajl-ruby Project Yajl-ruby
605
VMScore
CVE-2007-6183
Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions prior to 20071127, allows context-dependent malicious users to execute arbitrary code via format string specifiers in the messag...
Ruby Gnome2 Ruby Gnome2 0.16.0
668
VMScore
CVE-2016-10193
The espeak-ruby gem prior to 1.0.3 for Ruby allows remote malicious users to execute arbitrary commands via shell metacharacters in a string to the speak, save, bytes or bytes_wav method in lib/espeak/speech.rb.
Espeak-ruby Project Espeak-ruby
516
VMScore
CVE-2016-11086
lib/oauth/consumer.rb in the oauth-ruby gem up to and including 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information.
Oauth-ruby Project Oauth-ruby
890
VMScore
CVE-2019-10780
BibTeX-ruby prior to 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open.
Bibtex-ruby Project Bibtex-ruby
383
VMScore
CVE-2015-1855
verify_certificate_identity in the OpenSSL extension in Ruby prior to 2.0.0 patchlevel 645, 2.1.x prior to 2.1.6, and 2.2.x prior to 2.2.2 does not properly validate hostnames, which allows remote malicious users to spoof servers via vectors related to (1) multiple wildcards, (1)...
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby
Ruby-lang Trunk
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Puppet Puppet Agent 1.0.0
Puppet Puppet Enterprise
1 Github repository
668
VMScore
CVE-2011-5330
Distributed Ruby (aka DRuby) 1.8 mishandles the sending of syscalls.
Distributed Ruby Project Distributed Ruby 1.8
1 Github repository
668
VMScore
CVE-2011-5331
Distributed Ruby (aka DRuby) 1.8 mishandles instance_eval.
Distributed Ruby Project Distributed Ruby 1.8
445
VMScore
CVE-2020-5247
In Puma (RubyGem) prior to 4.3.2 and prior to 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an e...
Ruby-lang Ruby
Puma Puma
Ruby-lang Ruby 2.7.0
Debian Debian Linux 9.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
NA
CVE-2021-33621
The cgi gem prior to 0.1.0.2, 0.2.x prior to 0.2.2, and 0.3.x prior to 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.
Ruby-lang Cgi
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Ruby-lang Ruby
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »