rubygems
954 tracked vulnerabilities.
CVE-2012-6134
omniauth-oauth2 < 1.1.1 - Cross-Site Request Forgery
Apr 09, 2013
EPSS 0.00
CVE-2012-6109
Rack < 1.1.4, 1.2.x < 1.2.6, 1.3.x < 1.3.7, 1.4.x < 1.4.2 - Denial of Service via Crafted Content-Disposition Header
Mar 01, 2013
EPSS 0.01
CVE-2012-5604
Red Hat CloudForms 1.1 - Unauthenticated Authentication Bypass via LDAP Fluff Gem
Mar 01, 2013
EPSS 0.00
CVE-2012-6497
Rails < 3.2.10 - SQL Injection
Jan 04, 2013
EPSS 0.00
CVE-2012-6496
Ruby on Rails < 3.0.18, 3.1.x < 3.1.9, 3.2.x < 3.2.10 - SQL Injection via Dynamic Finders
Jan 04, 2013
EPSS 0.01
CVE-2012-3503
CRITICAL
Katello < 1.0 - Use of Hard-coded Credentials in Installation Script
Aug 25, 2012
CVSS 9.8
EPSS 0.01
CVE-2012-3465
Ruby on Rails < 3.0.17, 3.1.x < 3.1.8, 3.2.x < 3.2.8 - Cross-Site Scripting via Malformed HTML Markup
Aug 10, 2012
EPSS 0.00
CVE-2012-3464
Ruby on Rails < 3.0.17, 3.1.x < 3.1.8, 3.2.x < 3.2.8 - Cross-Site Scripting via Quote Character Handling
Aug 10, 2012
EPSS 0.00
CVE-2012-3463
Ruby on Rails 3.x < 3.0.17, 3.1.x < 3.1.8, 3.2.x < 3.2.8 - Cross-Site Scripting via select_tag Helper Prompt Field
Aug 10, 2012
EPSS 0.00
CVE-2012-3424
Ruby on Rails 3.x < 3.0.16, 3.1.x < 3.1.7, 3.2.x < 3.2.7 - Denial of Service via Digest Authentication String Conversion
Aug 08, 2012
EPSS 0.01
CVE-2012-3867
Puppet < 2.6.17 and 2.7.x < 2.7.18 - Certificate Signing Request Spoofing via ANSI Control Sequences
Aug 06, 2012
EPSS 0.01
CVE-2012-3866
Puppet 2.7.x < 2.7.18 & Puppet Enterprise < 2.5.2 - Sensitive Config Exposure via last_run_report.yaml
Aug 06, 2012
EPSS 0.00
CVE-2012-3865
Puppet < 2.6.17 and 2.7.x < 2.7.18 - Authenticated Arbitrary File Deletion via Node Name Path Traversal
Aug 06, 2012
EPSS 0.01
CVE-2012-3408
Puppet < 2.7.18 and Puppet Enterprise < 2.5.2 - Improper Authentication via IP Address Spoofing
Aug 06, 2012
EPSS 0.00
CVE-2012-2140
Mail gem < 2.4.3 - Remote Code Execution via Shell Metacharacters in Sendmail/Exim Delivery
Jul 18, 2012
EPSS 0.04
CVE-2012-2139
Mail gem < 2.4.4 - Path Traversal via File Delivery To Parameter
Jul 18, 2012
EPSS 0.04
CVE-2012-1989
Puppet 2.7.x < 2.7.13 & Puppet Enterprise 1.2.x, 2.0.x, 2.5.x - Arbitrary File Write via Symlink
Jun 27, 2012
EPSS 0.00
CVE-2012-2695
Ruby on Rails < 3.0.14, 3.1.x < 3.1.6, 3.2.x < 3.2.6 - SQL Injection
Jun 22, 2012
EPSS 0.01
CVE-2012-2694
Ruby on Rails <3.0.14, <3.1.6, <3.2.6 - Info Disclosure
Jun 22, 2012
EPSS 0.00
CVE-2012-2661
Ruby on Rails <3.0.13, <3.1.5, <3.2.4 - SQL Injection
Jun 22, 2012
EPSS 0.01
CVE-2012-2660
Ruby on Rails <3.0.13, <3.1.5, <3.2.4 - Info Disclosure
Jun 22, 2012
EPSS 0.00
CVE-2012-2671
Rack::Cache 0.3.0-1.1 - Sensitive Header Caching
Jun 17, 2012
EPSS 0.01
CVE-2012-1988
Puppet 2.6.0-2.6.14 and 2.7.0-2.7.12 - Authenticated Remote Code Execution via Filebucket Request
May 29, 2012
EPSS 0.00
CVE-2012-1987
Puppet 2.6.0-2.6.14 and 2.7.0-2.7.12 - Authenticated Denial of Service via REST Requests
May 29, 2012
EPSS 0.01
CVE-2012-1906
Puppet 2.6.x < 2.6.15, 2.7.x < 2.7.13, Puppet Enterprise < 2.5.1 - Arbitrary File Write via Symlink Attack
May 29, 2012
EPSS 0.00
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
ruby-saml 10
jquery-rails 9
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
katello 7
lodash-rails 7
net-imap 7
spree 7
avo 6