National Vulnerability Database

Search Results

Search Parameters:
  • Contains Software Flaws (CVE)
  • Keyword (text search): Ruby
There are 390 matching records.
Displaying matches 141 through 160.
Vuln ID Summary CVSS Severity
CVE-2013-7463

The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack.

Published: April 19, 2017; 01:59:00 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2017-6181

The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted regular expression.

Published: April 03, 2017; 01:59:00 AM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2009-5147

DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.

Published: March 29, 2017; 10:59:00 AM -04:00
V3: 7.3 HIGH
V2: 7.5 HIGH
CVE-2016-10194

The festivaltts4r gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the (1) to_speech or (2) to_mp3 method in lib/festivaltts4r/festival4r.rb.

Published: March 03, 2017; 10:59:00 AM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2016-10193

The espeak-ruby gem before 1.0.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the speak, save, bytes or bytes_wav method in lib/espeak/speech.rb.

Published: March 03, 2017; 10:59:00 AM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2017-5946

The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem.

Published: February 27, 2017; 02:59:00 AM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2016-10173

Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry.

Published: February 01, 2017; 10:59:00 AM -05:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2016-7798

The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.

Published: January 30, 2017; 05:59:00 PM -05:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2017-5594

An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability, a remote attacker is able to reset a registered user's password when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7_PGKT_01.

Published: January 25, 2017; 01:59:00 PM -05:00
V3: 7.5 HIGH
V2: 4.3 MEDIUM
CVE-2016-6582

The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification.

Published: January 23, 2017; 04:59:02 PM -05:00
V3: 9.1 CRITICAL
V2: 6.4 MEDIUM
CVE-2016-5697

Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors.

Published: January 23, 2017; 04:59:01 PM -05:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2016-2339

An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function of Ruby. In Fiddle::Function.new "initialize", the heap buffer "arg_types" is allocated based on the length of the args array. A specially constructed object passed as an element of the args array can increase the array's size after that allocation and cause a heap overflow.

Published: January 06, 2017; 04:59:00 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2016-2337

Type confusion exists in the _cancel_eval method of Ruby's TclTkIp class. An attacker passing an object of a type other than String as the "retval" argument can cause arbitrary code execution.

Published: January 06, 2017; 04:59:00 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2016-2336

Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. An attacker passing an object of a different type than the one assumed by the developers can cause arbitrary code execution.

Published: January 06, 2017; 04:59:00 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2016-7954

Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334.

Published: December 22, 2016; 05:59:00 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2016-6317

Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.

Published: September 07, 2016; 03:28:11 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2016-6316

Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers.

Published: September 07, 2016; 03:28:10 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2016-2785

Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding.

Published: June 10, 2016; 11:59:00 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2016-3693

The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method.

Published: May 20, 2016; 10:59:03 AM -04:00
V3: 8.1 HIGH
V2: 6.8 MEDIUM
CVE-2016-2098

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.

Published: April 07, 2016; 07:59:06 PM -04:00
V3: 7.3 HIGH
V2: 7.5 HIGH