Vulmon
ruby vulnerabilities and exploits
9.3
CVSSv2
CVE-2013-1947
kelredd-pruview gem 0.3.8 for Ruby allows context-dependent malicious users to execute arbitrary commands via shell metacharacters in a filename argument to (1) document.rb, (2) video.rb, or (3) video_image.rb.
Kelly D. Redding Kelredd-pruview 0.3.8
9.3
CVSSv2
CVE-2012-0013
Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote malicious users to execute arbitrary code vi...
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2008 -
Microsoft Windows 7 -
Microsoft Windows Xp
Microsoft Windows Server 2003
Microsoft Windows Vista
2 EDB exploits
9.3
CVSSv2
CVE-2011-1797
WebKit, as used in Apple Safari prior to 5.0.6, allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
Chromium Project Chromium
Apple Safari
Apple Safari 1.0
Apple Safari 1.0.0
Apple Safari 1.0.0b1
Apple Safari 1.0.0b2
Apple Safari 1.0.1
Apple Safari 1.0.2
Apple Safari 1.0.3
Apple Safari 1.1
Apple Safari 1.1.0
Apple Safari 1.1.1
Apple Safari 1.2
Apple Safari 1.2.0
Apple Safari 1.2.1
Apple Safari 1.2.2
Apple Safari 1.2.3
Apple Safari 1.2.4
Apple Safari 1.2.5
Apple Safari 1.3
Apple Safari 1.3.0
Apple Safari 1.3.1
9.3
CVSSv2
CVE-2010-0647
WebKit before r53525, as used in Google Chrome prior to 4.0.249.89, allows remote malicious users to execute arbitrary code in the Chrome sandbox via a malformed RUBY element, as demonstrated by a <ruby>><table><rt> sequence.
Apple Webkit
Google Chrome 1.0.154.36
Google Chrome 3.0.193.2
Google Chrome 2.0.172.8
Google Chrome 2.0.172.2
Google Chrome 2.0.172.31
Google Chrome 0.4.154.18
Google Chrome 2.0.172
Google Chrome 0.2.152.1
Google Chrome 0.4.154.33
Google Chrome 0.2.149.27
Google Chrome 1.0.154.52
Google Chrome 3.0.195.33
Google Chrome 1.0.154.53
Google Chrome 4.0.244.0
Google Chrome 2.0.156.1
Google Chrome 2.0.172.27
Google Chrome 2.0.172.30
Google Chrome 0.2.153.1
Google Chrome 2.0.170.0
Google Chrome 2.0.158.0
Google Chrome 2.0.159.0
9
CVSSv2
CVE-2022-21949
An Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote malicious users to reference external entities in certain operations. This can be used to gain information from the server that can be abused to escalate to Admin privil...
Opensuse Open Build Service
9
CVSSv2
CVE-2021-32756
ManageIQ is an open-source management platform. In versions prior to jansa-4, kasparov-2, and lasker-1, there is a flaw in the MiqExpression module of ManageIQ where a low privilege user could enter a crafted Ruby string which would be evaluated. Successful exploitation will allo...
Manageiq Manageiq Jansa-1
Manageiq Manageiq Jansa-2
Manageiq Manageiq Jansa-3
Manageiq Manageiq Kasparov-1
Manageiq Manageiq Lasker-1
9
CVSSv2
CVE-2014-3790
Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail.
Vmware Vcenter Server Appliance 5.5
Vmware Vcenter Server Appliance 5.1
9
CVSSv2
CVE-2013-1640
The (1) template and (2) inline_template functions in the master server in Puppet prior to 2.6.18, 2.7.x prior to 2.7.21, and 3.1.x prior to 3.1.1, and Puppet Enterprise prior to 1.2.7 and 2.7.x prior to 2.7.2 allow remote authenticated users to execute arbitrary code via a craf...
Puppet Puppet
Puppet Puppet 3.1.0
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.7.0
Puppet Puppet Enterprise 2.7.1
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.10
8.8
CVSSv2
CVE-2019-8320
A Directory Traversal issue exists in RubyGems 2.7.6 and later up to and including 3.0.2. Before making new directories or touching files (which now include path-checking code for symlinks), it would delete the target destination. If that destination was hidden behind a symlink, ...
Rubygems Rubygems
7.8
CVSSv2
CVE-2019-16201
WEBrick::HTTPAuth::DigestAuth in Ruby up to and including 2.4.7, 2.5.x up to and including 2.5.6, and 2.6.x up to and including 2.6.4 has a regular expression Denial of Service caused by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Intern...
Ruby-lang Ruby
Debian Debian Linux 8.0
2 Github repositories