Ruby-lang Ruby 2011-09-01

CPE Details

Ruby-lang Ruby 2011-09-01
ruby-lang
ruby
2011-09-01
2019-12-17
12h22 +00:00
2019-12-17
12h22 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:ruby-lang:ruby:2011-09-01:*:*:*:*:*:*:*

Informations

Vendor

ruby-lang

Product

ruby

Version

2011-09-01

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2013-4413 2014-03-11 14h00 +00:00 Directory traversal vulnerability in controller/concerns/render_redirect.rb in the Wicked gem before 1.0.1 for Ruby allows remote attackers to read arbitrary files via a %2E%2E%2F (encoded dot dot slash) in the step.
5
CVE-2013-2119 2014-01-02 20h00 +00:00 Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.
4.6
CVE-2013-4136 2013-09-30 19h00 +00:00 ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.
4.4
CVE-2013-5647 2013-08-29 10h00 +00:00 lib/sounder/sound.rb in the sounder gem 1.0.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.
7.5
CVE-2013-0175 2013-04-25 23h00 +00:00 multi_xml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.
7.5
CVE-2013-0233 2013-04-25 23h00 +00:00 Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts.
6.8
CVE-2013-1947 2013-04-25 23h00 +00:00 kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to (1) document.rb, (2) video.rb, or (3) video_image.rb.
9.3
CVE-2013-1933 2013-04-25 21h00 +00:00 The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename.
9.3
CVE-2013-1948 2013-04-25 21h00 +00:00 converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.
10
CVE-2013-1911 2013-04-02 22h00 +00:00 lib/ldoce/word.rb in the ldoce 0.0.2 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in (1) an mp3 URL or (2) file name.
6.8