National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • Keyword (text search): Ruby
There are 390 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2014-4992

lib/cap-strap/helpers.rb in the cap-strap gem 0.1.5 for Ruby places credentials on the useradd command line, which allows local users to obtain sensitive information by listing the process.

Published: January 10, 2018; 01:29:00 PM -05:00
V3: 7.8 HIGH
V2: 2.1 LOW
CVE-2014-4991

(1) lib/dataset/database/mysql.rb and (2) lib/dataset/database/postgresql.rb in the codders-dataset gem 1.3.2.1 for Ruby place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.

Published: January 10, 2018; 01:29:00 PM -05:00
V3: 7.8 HIGH
V2: 2.1 LOW
CVE-2018-5220

In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002610.

Published: January 04, 2018; 02:29:00 PM -05:00
V3: 7.8 HIGH
V2: 6.1 MEDIUM
CVE-2018-5219

In K7 Antivirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002168.

Published: January 04, 2018; 02:29:00 PM -05:00
V3: 7.8 HIGH
V2: 6.1 MEDIUM
CVE-2018-5218

In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x950025b0.

Published: January 04, 2018; 02:29:00 PM -05:00
V3: 7.8 HIGH
V2: 6.1 MEDIUM
CVE-2018-5217

In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002578.

Published: January 04, 2018; 02:29:00 PM -05:00
V3: 7.8 HIGH
V2: 6.1 MEDIUM
CVE-2018-5088

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300211C.

Published: January 03, 2018; 04:29:00 PM -05:00
V3: 7.8 HIGH
V2: 6.1 MEDIUM
CVE-2018-5087

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002100.

Published: January 03, 2018; 04:29:00 PM -05:00
V3: 7.8 HIGH
V2: 6.1 MEDIUM
CVE-2018-5086

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300215F.

Published: January 03, 2018; 04:29:00 PM -05:00
V3: 7.8 HIGH
V2: 6.1 MEDIUM
CVE-2018-5085

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002124.

Published: January 03, 2018; 04:29:00 PM -05:00
V3: 7.8 HIGH
V2: 6.1 MEDIUM
CVE-2018-5084

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300212C.

Published: January 03, 2018; 04:29:00 PM -05:00
V3: 7.8 HIGH
V2: 6.1 MEDIUM
CVE-2018-5083

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300215B.

Published: January 03, 2018; 04:29:00 PM -05:00
V3: 7.8 HIGH
V2: 6.1 MEDIUM
CVE-2018-5082

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002128.

Published: January 03, 2018; 04:29:00 PM -05:00
V3: 7.8 HIGH
V2: 6.1 MEDIUM
CVE-2018-5081

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020F0.

Published: January 03, 2018; 04:29:00 PM -05:00
V3: 7.8 HIGH
V2: 6.1 MEDIUM
CVE-2018-5080

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020FC.

Published: January 03, 2018; 04:29:00 PM -05:00
V3: 7.8 HIGH
V2: 6.1 MEDIUM
CVE-2018-5079

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002130.

Published: January 03, 2018; 04:29:00 PM -05:00
V3: 7.8 HIGH
V2: 6.1 MEDIUM
CVE-2017-17920

** DISPUTED ** SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.

Published: December 29, 2017; 11:29:00 AM -05:00
V3: 8.1 HIGH
V2: 6.8 MEDIUM
CVE-2017-17919

** DISPUTED ** SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.

Published: December 29, 2017; 11:29:00 AM -05:00
V3: 8.1 HIGH
V2: 6.8 MEDIUM
CVE-2017-17917

** DISPUTED ** SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.

Published: December 29, 2017; 11:29:00 AM -05:00
V3: 8.1 HIGH
V2: 6.8 MEDIUM
CVE-2017-17916

** DISPUTED ** SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.

Published: December 29, 2017; 11:29:00 AM -05:00
V3: 8.1 HIGH
V2: 6.8 MEDIUM