Vulmon
Ruby vulnerabilities and exploits (search results, sorted by CVSS score)
CVE-2010-3119 (CVSSv2 10)
Google Chrome before 5.0.375.127 and WebKitGTK before 1.2.6 do not properly support ruby (the HTML ruby annotation element, not the Ruby programming language; the entry appears in this listing only because of the keyword match), which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
Google Chrome
Webkitgtk Webkitgtk
CVE-2009-4124 (CVSSv2 10)
Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust. NOTE: some of the...
Ruby-lang Ruby 1.9.1
CVE-2008-2662 (CVSSv2 10)
Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause ...
Ruby-lang Ruby
Debian Debian Linux 4.0
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 6.06
Canonical Ubuntu Linux 8.04
CVE-2008-2663 (CVSSv2 10)
Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unkno...
Ruby-lang Ruby
Debian Debian Linux 4.0
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 6.06
Canonical Ubuntu Linux 8.04
CVE-2021-43809 (CVSSv2 9.3)
`Bundler` is a package for managing application dependencies in Ruby. In `bundler` versions prior to 2.2.33, when working with untrusted and apparently harmless `Gemfile`s, it is not expected that they lead to execution of external code, unless that's explicit in the r...
Bundler Bundler
CVE-2020-36327 (CVSSv2 9.3)
Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is...
Bundler Bundler
Fedoraproject Fedora 34
Microsoft Package Manager Configurations
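The condition behind CVE-2020-36327 leaves a trace in Gemfile.lock: a gem that should only ever come from the private index shows up under the public remote. The following audit is an added example (not Vulmon's or Bundler's code) that parses the GEM sections of a lockfile and flags private-prefixed gems resolved from a public remote. The lockfile text, the `acme-` prefix and the internal gem server URL are constructed for the example; the Gemfile-side mitigation shown in the comment, scoping private gems to their source with a `source ... do ... end` block instead of listing a second global source, is Bundler's documented way to remove the ambiguity.

```ruby
# Added example: audit a Gemfile.lock for private gems that resolved from a
# public remote (the CVE-2020-36327 dependency-confusion outcome).
# Not Vulmon's or Bundler's code; lockfile, prefix and URLs are constructed.

# Assumption: the only public index in use. Extend for mirrors if needed.
PUBLIC_REMOTES = ["https://rubygems.org/"].freeze

# Gemfile form that avoids the ambiguity in the first place (scoped source,
# no second global source):
#   source "https://rubygems.org"
#   source "https://gems.acme.internal" do
#     gem "acme-auth"
#   end

# Minimal parser for the GEM sections of a lockfile. Returns
# { gem_name => [remote, ...] }; the 4-space indent distinguishes a spec
# line from the 6-space dependency lines beneath it.
def gem_remotes(lockfile)
  remotes = Hash.new { |h, k| h[k] = [] }
  current_remote = nil
  in_specs = false
  lockfile.each_line do |line|
    case line
    when /\A\S/                    # section header: GEM, PLATFORMS, DEPENDENCIES ...
      current_remote = nil
      in_specs = false
    when /\A  remote: (\S+)/
      current_remote = Regexp.last_match(1)
    when /\A  specs:/
      in_specs = true
    when /\A {4}(\S+) \(/          # "    name (version)"
      remotes[Regexp.last_match(1)] << current_remote if in_specs && current_remote
    end
  end
  remotes
end

# Flags private-prefixed gems served from a public remote, and any gem that
# is listed under more than one remote.
def audit_lockfile(lockfile, private_prefix:)
  gem_remotes(lockfile).flat_map do |name, remotes|
    findings = []
    public_hits = remotes & PUBLIC_REMOTES
    if name.start_with?(private_prefix) && !public_hits.empty?
      findings << "#{name}: private gem resolved from public remote #{public_hits.join(', ')}"
    end
    if remotes.uniq.size > 1
      findings << "#{name}: listed under multiple remotes #{remotes.uniq.join(', ')}"
    end
    findings
  end
end

# Constructed lockfile: acme-billing was claimed on rubygems.org with a higher
# version than the internal copy, so the vulnerable resolver picked the public one.
SAMPLE_LOCKFILE = <<~LOCK.freeze
  GEM
    remote: https://rubygems.org/
    specs:
      acme-billing (9.9.9)
      rake (13.0.6)

  GEM
    remote: https://gems.acme.internal/
    specs:
      acme-auth (1.4.0)
        rake (>= 12)

  PLATFORMS
    ruby

  DEPENDENCIES
    acme-auth
    acme-billing
    rake
LOCK

if __FILE__ == $0
  puts audit_lockfile(SAMPLE_LOCKFILE, private_prefix: "acme-")
end
```

Run it against a real lockfile with `audit_lockfile(File.read("Gemfile.lock"), private_prefix: "yourorg-")`; a non-empty result means the lock should be regenerated after scoping the private gems in the Gemfile.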
CVE-2013-2516 (CVSSv2 9.3)
The standalone fileutils gem, version 0.7 and earlier (a third-party gem, distinct from the FileUtils module in Ruby's standard library), passes a user-supplied url variable to the shell without sanitization, allowing command injection.
Fileutils Project Fileutils
CVE-2014-6140 (CVSSv2 9.3)
IBM Tivoli Endpoint Manager Mobile Device Management (MDM) before 9.0.60100 uses the same secret HMAC token across different customers' installations, which allows remote attackers to execute arbitrary code via crafted marshalled Ruby objects in cookies to (1) Enroll...
Ibm Tivoli Endpoint Manager Mobile Device Management
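Two things combine in CVE-2014-6140: the HMAC that is supposed to prove a cookie came from the server is keyed with a secret every customer shares, so anyone who extracts it from one install can forge cookies for all of them, and the verified payload is then handed to Marshal, which instantiates whatever classes the payload names. The block below is an added example, not IBM's or Vulmon's code; the secret values, cookie layout and `Session` class are constructed. It shows the forgery succeeding against the shared secret, failing against a per-installation random secret, and the data-only JSON serializer that bounds what a forged payload can do.

```ruby
# Added example: HMAC-signed cookies with a shared secret and a Marshal
# deserializer (the CVE-2014-6140 pattern) next to the hardened form.
# Not IBM's or Vulmon's code; secrets, cookie format and classes are constructed.
require "openssl"
require "json"
require "base64"

SHARED_SECRET = "same-hmac-key-in-every-shipped-build".freeze   # constructed: one key for all customers

Session = Struct.new(:user, :role)   # constructed application class carried in the cookie

def sign(secret, payload)
  "#{Base64.strict_encode64(payload)}--#{OpenSSL::HMAC.hexdigest('SHA256', secret, payload)}"
end

# Constant-time comparison so the tag check does not leak by timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the raw payload if the tag verifies under `secret`, else nil.
def verify(secret, cookie)
  encoded, tag = cookie.split("--", 2)
  return nil unless encoded && tag
  payload = Base64.strict_decode64(encoded)
  secure_equal?(tag, OpenSSL::HMAC.hexdigest("SHA256", secret, payload)) ? payload : nil
rescue ArgumentError   # malformed base64
  nil
end

# Vulnerable server side: anything that verifies is Marshal.load()ed, so a
# forged payload chooses the object types the server ends up holding.
def load_session_marshal(secret, cookie)
  payload = verify(secret, cookie)
  payload && Marshal.load(payload)
end

# Hardened server side: same HMAC check, but JSON yields only plain data
# (hashes, arrays, strings, numbers), never application objects.
def load_session_json(secret, cookie)
  payload = verify(secret, cookie)
  payload && JSON.parse(payload)
rescue JSON::ParserError
  nil
end

# Attacker who pulled SHARED_SECRET out of any one install forges an admin
# session that every other install using that secret will accept.
def forge_cookie(secret)
  sign(secret, Marshal.dump(Session.new("attacker", "admin")))
end

def demo
  forged = forge_cookie(SHARED_SECRET)
  accepted = load_session_marshal(SHARED_SECRET, forged)   # Session with role "admin"
  per_install_secret = OpenSSL::Random.random_bytes(32)    # fix: unique secret per deployment
  rejected = load_session_marshal(per_install_secret, forged)
  { forged_role: accepted && accepted.role, rejected_with_unique_secret: rejected.nil? }
end

if __FILE__ == $0
  p demo
end
```

The per-installation secret is the fix for the forgery; switching from Marshal to JSON is defence in depth, since a leaked or guessed secret then lets an attacker set session fields but not pick classes to instantiate.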
CVE-2013-2090 (CVSSv2 9.3)
The set_meta_data function in lib/cremefraiche.rb in the Creme Fraiche gem before 0.6.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the file name of an email attachment. NOTE: some of these details are obtained from third par...
Uplawski Creme Fraiche (0.4.5, 0.4.5.1, 0.4.5.2, 0.4.5.4, 0.4.5.5, 0.4.5.6, 0.5, 0.5.1, 0.5.2, 0.5.3)
CVE-2013-1933 (CVSSv2 9.3)
The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename.
Documentcloud Karteek-docsplit 0.5.4
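CVE-2013-2516, CVE-2013-2090 and CVE-2013-1933 are the same bug: an attacker-controlled string (a URL, an attachment name, a PDF filename) is interpolated into a command line that /bin/sh then parses. The block below is an added example, not the code of any of the gems listed above. It puts the vulnerable interpolation next to the two fixes (argv-style spawning, or `Shellwords.escape` when a command string is unavoidable); `echo` stands in for the real converter so the block runs anywhere, and the hostile file name is constructed.

```ruby
# Added example: shell-metacharacter command injection via a file name, with
# the argv-style and escaped fixes. Not the code of the gems above; `echo`
# stands in for pdftotext / an attachment handler; the file name is constructed.
require "open3"
require "shellwords"

# Vulnerable: the name is spliced into a shell command line, so `;`, `|`,
# `$( )` and backticks inside it are interpreted by /bin/sh.
def extract_text_unsafe(filename)
  `echo #{filename}`
end

# Fixed: separate argv entries never go through a shell, so the name reaches
# the program as one literal argument whatever characters it contains.
def extract_text_safe(filename)
  out, status = Open3.capture2("echo", filename)
  raise "converter failed: #{status}" unless status.success?
  out
end

# When a single command string is unavoidable (a pipeline, a wrapper that only
# takes a string), escape every untrusted piece before interpolating it.
def extract_text_escaped(filename)
  `echo #{Shellwords.escape(filename)}`
end

# Constructed attacker-controlled attachment / PDF name.
HOSTILE_NAME = "report.pdf; echo INJECTED".freeze

if __FILE__ == $0
  puts extract_text_unsafe(HOSTILE_NAME)   # two lines: the name, then INJECTED
  puts extract_text_safe(HOSTILE_NAME)     # one line: the whole name, verbatim
end
```

The same rule applies to `system`, `IO.popen` and `Kernel#spawn`: a single string argument is handed to the shell whenever it contains metacharacters, while the array form `system("pdftotext", filename, "-")` is not. When reviewing a gem for this pattern, grep for backticks, `%x`, and single-string calls to those methods that interpolate anything derived from input.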