rubygems

965 tracked vulnerabilities.

CVE-2013-1812
Fedora < 2.2.1 - Resource Management Error
Dec 12, 2013
EPSS 0.02
CVE-2013-4479
Sup < 0.13.2.1 and 0.14.x < 0.14.1.1 - Remote Code Execution via Email Attachment Content-Type
Dec 07, 2013
EPSS 0.03
CVE-2013-4478
sup < 0.13.2.1 and 0.14.x < 0.14.1.1 - Remote Code Execution via Email Attachment Filename
Dec 07, 2013
EPSS 0.02
CVE-2013-6417
Ruby on Rails 3.x < 3.2.16 and 4.x < 4.0.2 - SQL Query Manipulation via JSON Parameter Handling
Dec 07, 2013
EPSS 0.02
CVE-2013-6416
Ruby on Rails < 4.0.2 - Cross-Site Scripting via simple_format Helper
Dec 07, 2013
EPSS 0.02
CVE-2013-6415
Ruby on Rails < 3.2.16 and 4.x < 4.0.2 - Cross-Site Scripting via number_to_currency Helper Unit Parameter
Dec 07, 2013
EPSS 0.03
CVE-2013-6414
Ruby on Rails 3.x < 3.2.16 and 4.x < 4.0.2 - Denial of Service via Invalid MIME Type Header
Dec 07, 2013
EPSS 0.21
CVE-2013-4492
I18n < 0.6.5 - XSS
Dec 07, 2013
EPSS 0.02
CVE-2013-4491
Ruby on Rails 3.x < 3.2.16 and 4.x < 4.0.2 - Cross-Site Scripting via i18n Fallback String
Dec 07, 2013
EPSS 0.02
CVE-2013-4457
Cocaine gem 0.4.0-0.5.2 - OS Command Injection via Recursive Variable Interpolation
Nov 02, 2013
EPSS 0.01
CVE-2013-4363
RubyGems < 1.8.23.2, 1.8.24-1.8.26, 2.0.x < 2.0.10, 2.1.x < 2.1.5 - Denial of Service via Version Regex Backtracking
Oct 17, 2013
EPSS 0.02
CVE-2013-4287
Redhat Enterprise Linux < 1.8.23 - Cryptographic Issue
Oct 17, 2013
EPSS 0.03
CVE-2013-4389
Ruby on Rails 3.0.0-3.2.14 - Denial of Service via Format String in Action Mailer Log Subscriber
Oct 17, 2013
EPSS 0.03
CVE-2013-4203
rgpg < 0.2.3 - Remote Code Execution via Shell Metacharacters in gpg_helper.rb
Oct 11, 2013
EPSS 0.02
CVE-2013-4136
Phusion Passenger < 4.0.6 - Privilege Escalation via Symlink Attack on Predictable /tmp Directory
Sep 30, 2013
EPSS 0.00
CVE-2013-5647
sounder gem 1.0.1 - Command Injection
Aug 29, 2013
EPSS 0.02
CVE-2013-4761
Puppet <2.7.23-3.2.4 & <2.8.3-3.0.1 - RCE
Aug 20, 2013
EPSS 0.02
CVE-2013-3567
Puppet 2.7.x < 2.7.22 and 3.2.x < 3.2.2 - Remote Code Execution via YAML Deserialization
Aug 19, 2013
EPSS 0.03
CVE-2013-1948
md2pdf 0.0.1 - Remote Code Execution via Shell Metacharacters in Filename
Apr 25, 2013
EPSS 0.02
CVE-2013-1947
kelredd-pruview 0.3.8 - OS Command Injection via Filename Argument
Apr 25, 2013
EPSS 0.02
CVE-2013-1933
karteek-docsplit 0.5.4 - OS Command Injection via PDF Filename
Apr 25, 2013
EPSS 0.02
CVE-2013-0233
Devise <1.5.4, <2.0.5, <2.1.3, <2.2.3 - Unauthenticated Security Bypass
Apr 25, 2013
EPSS 0.14
CVE-2013-0175
multi_xml < 0.5.2 - Remote Code Execution via YAML/Symbol Type Conversion
Apr 25, 2013
EPSS 0.04
CVE-2013-3221
Ruby on Rails 2.3.x-3.2.x - Data-Type Injection
Apr 22, 2013
EPSS 0.02
CVE-2013-1898
Thumbshooter 0.1.5 - Remote Code Execution via URL Shell Metacharacters
Apr 09, 2013
EPSS 0.02