rubygems

954 tracked vulnerabilities.

CVE-2013-4287
Red Hat Enterprise Linux < 1.8.23 - Cryptographic Issue
Oct 17, 2013
EPSS 0.02
CVE-2013-4389
Ruby on Rails 3.0.0-3.2.14 - Denial of Service via Format String in Action Mailer Log Subscriber
Oct 17, 2013
EPSS 0.01
CVE-2013-4203
rgpg < 0.2.3 - Remote Code Execution via Shell Metacharacters in gpg_helper.rb
Oct 11, 2013
EPSS 0.01
CVE-2013-4136
Phusion Passenger < 4.0.6 - Privilege Escalation via Symlink Attack on Predictable /tmp Directory
Sep 30, 2013
EPSS 0.00
CVE-2013-5647
sounder gem 1.0.1 - Command Injection
Aug 29, 2013
EPSS 0.03
CVE-2013-4761
Puppet <2.7.23-3.2.4 & <2.8.3-3.0.1 - RCE
Aug 20, 2013
EPSS 0.01
CVE-2013-3567
Puppet 2.7.x < 2.7.22 and 3.2.x < 3.2.2 - Remote Code Execution via YAML Deserialization
Aug 19, 2013
EPSS 0.06
CVE-2013-1948
md2pdf 0.0.1 - Remote Code Execution via Shell Metacharacters in Filename
Apr 25, 2013
EPSS 0.02
CVE-2013-1947
kelredd-pruview 0.3.8 - OS Command Injection via Filename Argument
Apr 25, 2013
EPSS 0.02
CVE-2013-1933
karteek-docsplit 0.5.4 - OS Command Injection via PDF Filename
Apr 25, 2013
EPSS 0.03
CVE-2013-0233
Devise <1.5.4, <2.0.5, <2.1.3, <2.2.3 - Unauthenticated Security Bypass
Apr 25, 2013
EPSS 0.69
CVE-2013-0175
multi_xml < 0.5.2 - Remote Code Execution via YAML/Symbol Type Conversion
Apr 25, 2013
EPSS 0.01
CVE-2013-3221
Ruby on Rails 2.3.x-3.2.x - Data-Type Injection
Apr 22, 2013
EPSS 0.00
CVE-2013-1898
Thumbshooter 0.1.5 - Remote Code Execution via URL Shell Metacharacters
Apr 09, 2013
EPSS 0.01
CVE-2013-1802
extlib < 0.9.15 - Remote Code Execution and Denial of Service via String Cast Handling
Apr 09, 2013
EPSS 0.02
CVE-2013-1801
httparty < 0.9.0 - Remote Code Execution via YAML Type Conversion
Apr 09, 2013
EPSS 0.03
CVE-2013-1800
crack < 0.3.1 - Remote Code Execution via String Cast Injection
Apr 09, 2013
EPSS 0.02
CVE-2013-0285
nori_gem 1.0.x < 1.0.3, 1.1.x < 1.1.4, 2.0.x < 2.0.2 - Remote Code Execution via String Cast Injection
Apr 09, 2013
EPSS 0.01
CVE-2013-0284
New Relic Ruby Agent 3.2.0-3.5.2 - Exposure of Sensitive Information via Network Serialization
Apr 09, 2013
EPSS 0.00
CVE-2013-1911
ldoce 0.0.2 - Remote Code Execution via Shell Metacharacters in MP3 URL or File Name
Apr 03, 2013
EPSS 0.01
CVE-2013-2617
Ruby Gem Curl - Remote Code Execution via Shell Metacharacters in URL
Mar 20, 2013
EPSS 0.01
CVE-2013-2616
MiniMagick Gem 1.3.1 - Command Injection
Mar 20, 2013
EPSS 0.01
CVE-2013-2615
fastreader 1.0.8 - Remote Code Execution via URL Shell Metacharacters
Mar 20, 2013
EPSS 0.01
CVE-2013-1875
command_wrap - Remote Code Execution via Shell Metacharacters in URL or Filename
Mar 20, 2013
EPSS 0.01
CVE-2013-1655
Puppet 2.7.0-2.7.20 and 3.1.0 - Remote Code Execution via Serialized Attributes
Mar 20, 2013
EPSS 0.01