National Vulnerability Database

Search Results

Search Parameters:
  • Contains Software Flaws (CVE)
  • Keyword (text search): Ruby
There are 422 matching records.
Displaying matches 121 through 140.
Vuln ID Summary CVSS Severity
CVE-2017-17796

In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x827300A4.

Published: December 20, 2017; 04:29:02 AM -05:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2017-17795

In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83000088.

Published: December 20, 2017; 04:29:01 AM -05:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2017-17790

The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.

Published: December 20, 2017; 04:29:01 AM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2017-17718

The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation.

Published: December 17, 2017; 04:29:00 PM -05:00
V3: 5.9 MEDIUM
V2: 4.3 MEDIUM
CVE-2017-17405

Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution.

Published: December 15, 2017; 04:29:00 AM -05:00
V3: 8.8 HIGH
V2: 9.3 HIGH
CVE-2017-17475

TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82736068.

Published: December 08, 2017; 02:29:00 AM -05:00
V3: 7.8 HIGH
V2: 6.1 MEDIUM
CVE-2017-17474

TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730070.

Published: December 08, 2017; 02:29:00 AM -05:00
V3: 7.8 HIGH
V2: 6.1 MEDIUM
CVE-2017-17473

TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730050.

Published: December 08, 2017; 02:29:00 AM -05:00
V3: 7.8 HIGH
V2: 6.1 MEDIUM
CVE-2017-17472

TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730030.

Published: December 08, 2017; 02:29:00 AM -05:00
V3: 7.8 HIGH
V2: 6.1 MEDIUM
CVE-2017-17471

TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82732140.

Published: December 08, 2017; 02:29:00 AM -05:00
V3: 7.8 HIGH
V2: 6.1 MEDIUM
CVE-2017-17470

TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730054.

Published: December 08, 2017; 02:29:00 AM -05:00
V3: 7.8 HIGH
V2: 6.1 MEDIUM
CVE-2017-17469

TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730008, a different vulnerability than CVE-2017-16948.

Published: December 08, 2017; 02:29:00 AM -05:00
V3: 7.8 HIGH
V2: 6.1 MEDIUM
CVE-2017-17468

TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to gain privileges or cause a denial of service (Arbitrary Write) via a \\.\Viragtlt DeviceIoControl request of 0x82730020, a different vulnerability than CVE-2017-17050.

Published: December 08, 2017; 02:29:00 AM -05:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2017-17467

TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730074.

Published: December 08, 2017; 02:29:00 AM -05:00
V3: 7.8 HIGH
V2: 6.1 MEDIUM
CVE-2017-17466

TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to gain privileges or cause a denial of service (Arbitrary Write) via a \\.\Viragtlt DeviceIoControl request of 0x82730088.

Published: December 08, 2017; 02:29:00 AM -05:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2017-0909

The private_address_check ruby gem before 0.4.1 is vulnerable to a bypass due to an incomplete blacklist of common private/local network addresses used to prevent server-side request forgery.

Published: November 16, 2017; 05:29:00 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2017-0905

The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource#find" method that could result in compromise of API keys or other critical resources.

Published: November 13, 2017; 12:29:00 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2017-0904

The private_address_check ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, such as when used to blacklist private network addresses to prevent server-side request forgery.

Published: November 13, 2017; 12:29:00 PM -05:00
V3: 8.1 HIGH
V2: 6.8 MEDIUM
CVE-2017-0889

Paperclip ruby gem version 3.1.4 and later suffers from a Server-Side Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources.

Published: November 13, 2017; 12:29:00 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2017-16792

Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb.

Published: November 13, 2017; 04:29:00 AM -05:00
V3: 5.4 MEDIUM
V2: 3.5 LOW