VYPR: Vendor CVEs for RubyGems

All CVEs (66 total, sorted by risk)
  • CVE-2021-3590 (Aug 22, 2022)
    risk 0.00 · cvss: not listed · epss 0.01

    A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

  • CVE-2022-29218 (May 12, 2022)
    risk 0.00 · cvss: not listed · epss 0.01

    RubyGems is a package registry used to supply software for the Ruby language ecosystem. An ordering mistake in the code that accepts gem uploads allowed some gems (with platforms ending in numbers, like `arm64-darwin-21`) to be temporarily replaced in the CDN cache by a…

  • CVE-2022-29176 (May 5, 2022)
    risk 0.00 · cvss: not listed · epss 0.02

    Rubygems is a package registry used to supply software for the Ruby language ecosystem. Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so. To be vulnerable, a gem needed:…

  • CVE-2021-3456 (Mar 30, 2022)
    risk 0.00 · cvss: not listed · epss 0.00

    An improper authorization handling flaw was found in Foreman. The Salt plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and…

  • CVE-2021-43809 (Dec 8, 2021)
    risk 0.00 · cvss: not listed · epss 0.03

    `Bundler` is a package for managing application dependencies in Ruby. In `bundler` versions before 2.2.33, when working with untrusted and apparently harmless `Gemfile`'s, it is not expected that they lead to execution of external code, unless that's explicit in the ruby code…

  • CVE-2021-31917 (Sep 21, 2021)
    risk 0.00 · cvss: not listed · epss 0.01

    A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability is to data…

  • CVE-2015-4020 (Aug 25, 2015)
    risk 0.00 · cvss: not listed · epss 0.03

    RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed…

  • CVE-2013-4363 (Oct 17, 2013)
    risk 0.00 · cvss: not listed · epss 0.02

    Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a…

  • CVE-2013-4287 (Oct 17, 2013)
    risk 0.00 · cvss: not listed · epss 0.03

    Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of…

  • CVE-2012-2126 (Oct 1, 2013)
    risk 0.00 · cvss: not listed · epss 0.01

    RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.

  • CVE-2012-2125 (Oct 1, 2013)
    risk 0.00 · cvss: not listed · epss 0.02

    RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.

  • CVE-2013-2616 (Mar 20, 2013)
    risk 0.00 · cvss: not listed · epss 0.04

    lib/mini_magick.rb in the MiniMagick Gem 1.3.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

  • CVE-2013-2615 (Mar 20, 2013)
    risk 0.00 · cvss: not listed · epss 0.02

    lib/entry_controller.rb in the fastreader Gem 1.0.8 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

  • CVE-2013-1875 (Mar 20, 2013)
    risk 0.00 · cvss: not listed · epss 0.04

    command_wrap.rb in the command_wrap Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL or filename.

  • CVE-2012-2140 (Jul 18, 2012)
    risk 0.00 · cvss: not listed · epss 0.04

    The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.

  • CVE-2012-2139 (Jul 18, 2012)
    risk 0.00 · cvss: not listed · epss 0.05

    Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter.