National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): Ruby
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 347 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2017-16756

An issue was discovered in Userscape HelpSpot before 4.7.2. A cross-site request forgery vulnerability exists on POST requests to the "index.php?pg=password.change" endpoint. This allows an attacker to change the password of another user's HelpSpot account.

Published: February 19, 2018; 09:29:00 AM -05:00
(not available)
CVE-2017-16755

An issue was discovered in Userscape HelpSpot before 4.7.2. A reflected cross-site scripting vulnerability exists in the "return" parameter of the "index.php?pg=moderated" endpoint. It executes when the return link is clicked.

Published: February 19, 2018; 09:29:00 AM -05:00
(not available)
CVE-2015-4412

BSON injection vulnerability in the legal? function in BSON (bson-ruby) gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service (resource consumption) or inject arbitrary data via a crafted string.

Published: February 05, 2018; 11:29:00 AM -05:00
(not available)
CVE-2014-1835

The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table.

Published: February 02, 2018; 04:29:00 PM -05:00
V3: 7.8 HIGH
V2: 2.1 LOW
CVE-2014-1834

The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to inject arbitrary code by adding a semi-colon in their username or password.

Published: February 02, 2018; 04:29:00 PM -05:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2014-5004

lib/brbackup.rb in the brbackup gem 0.1.1 for Ruby places the database password on the mysql command line, which allows local users to obtain sensitive information by listing the process.

Published: January 10, 2018; 01:29:00 PM -05:00
V3: 7.8 HIGH
V2: 2.1 LOW
CVE-2014-5003

chef/travis-cookbooks/ci_environment/perlbrew/recipes/default.rb in the ciborg gem 3.0.0 for Ruby allows local users to write to arbitrary files and gain privileges via a symlink attack on /tmp/perlbrew-installer.

Published: January 10, 2018; 01:29:00 PM -05:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2014-5002

The lynx gem 0.2.0 for Ruby places the configured password on command lines, which allows local users to obtain sensitive information by listing processes.

Published: January 10, 2018; 01:29:00 PM -05:00
V3: 7.8 HIGH
V2: 2.1 LOW
CVE-2014-5001

lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database user passwords on the (1) mysqldump, (2) pg_dump, (3) mysql, and (4) psql command lines, which allows local users to obtain sensitive information by listing the processes.

Published: January 10, 2018; 01:29:00 PM -05:00
V3: 7.8 HIGH
V2: 2.1 LOW
CVE-2014-5000

The login function in lib/lawn.rb in the lawn-login gem 0.0.7 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.

Published: January 10, 2018; 01:29:00 PM -05:00
V3: 7.8 HIGH
V2: 2.1 LOW
CVE-2014-4999

vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem 1.0.3.rc2 for Ruby places the mysql user password on the (1) mysqldump command line in the capture function and (2) mysql command line in the restore function, which allows local users to obtain sensitive information by listing the process.

Published: January 10, 2018; 01:29:00 PM -05:00
V3: 7.8 HIGH
V2: 2.1 LOW
CVE-2014-4998

test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.

Published: January 10, 2018; 01:29:00 PM -05:00
V3: 7.8 HIGH
V2: 2.1 LOW
CVE-2014-4997

lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.

Published: January 10, 2018; 01:29:00 PM -05:00
V3: 7.8 HIGH
V2: 2.1 LOW
CVE-2014-4996

lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}.

Published: January 10, 2018; 01:29:00 PM -05:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2014-4995

Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to obtain sensitive information by reading the MySQL root password from a temporary file before it is removed.

Published: January 10, 2018; 01:29:00 PM -05:00
V3: 7.0 HIGH
V2: 1.9 LOW
CVE-2014-4994

lib/gyazo/client.rb in the gyazo gem 1.0.0 for Ruby allows local users to write to arbitrary files via a symlink attack on a temporary file, related to time-based filenames.

Published: January 10, 2018; 01:29:00 PM -05:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2014-4993

(1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in the backup_checksum gem 3.0.23 for Ruby place credentials on the openssl command line, which allows local users to obtain sensitive information by listing the process.

Published: January 10, 2018; 01:29:00 PM -05:00
V3: 7.8 HIGH
V2: 2.1 LOW
CVE-2014-4992

lib/cap-strap/helpers.rb in the cap-strap gem 0.1.5 for Ruby places credentials on the useradd command line, which allows local users to obtain sensitive information by listing the process.

Published: January 10, 2018; 01:29:00 PM -05:00
V3: 7.8 HIGH
V2: 2.1 LOW
CVE-2014-4991

(1) lib/dataset/database/mysql.rb and (2) lib/dataset/database/postgresql.rb in the codders-dataset gem 1.3.2.1 for Ruby place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.

Published: January 10, 2018; 01:29:00 PM -05:00
V3: 7.8 HIGH
V2: 2.1 LOW
CVE-2018-5220

In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002610.

Published: January 04, 2018; 02:29:00 PM -05:00
V3: 7.8 HIGH
V2: 6.1 MEDIUM