Ruby Luki w zabezpieczeniach

Oś czasu

Ostatni rok

Wersja

2.0	28
2.3.0	27
2.3.1	27
2.4.0	26
2.4.1	26

Przeciwdziałanie

Official Fix	201
Temporary Fix	0
Workaround	0
Unavailable	1
Not Defined	44

Wykorzystywanie

High	11
Functional	0
Proof-of-Concept	58
Unproven	11
Not Defined	166

Wektor dostępu

Not Defined	0
Physical	0
Local	11
Adjacent	10
Network	225

Uwierzytelnianie

Not Defined	0
High	0
Low	23
None	223

Interakcja z użytkownikiem

Not Defined	0
Required	48
None	198

CVSSv3 Base

≤1	0
≤2	0
≤3	0
≤4	7
≤5	25
≤6	61
≤7	61
≤8	60
≤9	20
≤10	12

CVSSv3 Temp

≤1	0
≤2	0
≤3	0
≤4	8
≤5	38
≤6	68
≤7	73
≤8	30
≤9	22
≤10	7

VulDB

≤1	0
≤2	0
≤3	1
≤4	13
≤5	28
≤6	79
≤7	36
≤8	73
≤9	5
≤10	11

NVD

≤1	0
≤2	0
≤3	0
≤4	3
≤5	1
≤6	13
≤7	14
≤8	30
≤9	11
≤10	27

CNA

≤1	0
≤2	0
≤3	0
≤4	1
≤5	0
≤6	3
≤7	0
≤8	3
≤9	1
≤10	0

Sprzedawca

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Research

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Exploit 0-day

<1k	41
<2k	104
<5k	95
<10k	1
<25k	2
<50k	3
<100k	0
≥100k	0

Wykorzystaj dzisiaj

<1k	244
<2k	2
<5k	0
<10k	0
<25k	0
<50k	0
<100k	0
≥100k	0

Affected Versions (353): 0.0.1, 0.1, 0.1.7, 0.2, 0.2.1, 0.3, 0.4, 0.5, 0.5.1, 0.5.2, 0.5.3, 0.5.4, 0.6, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.7, 0.8, 0.9, 0.10, 0.10.1, 0.11, 0.12, 0.12.1, 1, 1.0, 1.0.1, 1.0.2, 1.1, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.2, 1.2.1, 1.2.2, 1.2.3, 1.3, 1.3.1, 1.3.2, 1.3.3, 1.4, 1.5, 1.5.1, 1.5.2, 1.5.3, 1.6, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8, 1.7, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 1.8, 1.8.1, 1.8.2, 1.8.2 Pre1, 1.8.2 Pre2, 1.8.3, 1.8.4, 1.8.5, 1.8.5-p23, 1.8.6, 1.8.6-26, 1.8.6-42, 1.8.6-p229, 1.8.6.23, 1.8.7, 1.8.7-16, 1.8.7-33, 1.8.7-173, 1.8.7-248, 1.8.7-249, 1.8.7-299, 1.8.7-302, 1.8.7-334, 1.8.7-p21, 1.8.7-p33, 1.8.7-p299, 1.8.7-p302, 1.8.7-p334, 1.8.7-p352, 1.8.8, 1.9, 1.9.0-, 1.9.0-1, 1.9.0-2, 1.9.0-20060415, 1.9.0-20070709, 1.9.1, 1.9.2, 1.9.2-p18, 1.9.2-p136, 1.9.3, 1.9.4, 1.9.5, 1.9.6, 1.9.7, 1.9.8, 1.9.9, 1.9.11, 1.9.12, 1.9.13, 1.9.14, 1.9.15, 1.9.16, 1.9.17, 1.9.18, 1.9.19, 1.9.21, 1.9.22, 1.9.23, 1.10, 1.11, 1.12, 2, 2.0, 2.0.0 Patchlevel 644, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.11, 2.0.12, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.1.9, 2.2, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8, 2.2.9, 2.3, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 2.3.11, 2.3.12, 2.3.13, 2.3.14, 2.4, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9, 2.5, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.5.6, 2.5.7, 2.5.8, 2.6, 2.6.0-preview2, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.9, 2.7, 2.7.1, 2.7.2, 2.7.3, 2.7.4, 2.7.5, 2.7.6, 2.7.7, 2.8, 2.8.1, 2.9, 2.9.1, 2.10.1, 2.10.2, 2.10.3, 2.11, 2.11.1, 2.11.2, 3, 3.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 3.0.15, 3.0.16, 3.0.17, 3.0.18, 3.0.19, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.8, 3.2, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.11, 3.2.12, 3.2.13, 3.2.14, 3.2.15, 3.2.16, 3.2.17, 3.2.18, 3.2.22, 3.2.22.1, 3.2.22.2, 3.4, 3.4.1, 3.4.2, 4, 4.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.1, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.1.8, 4.1.9, 4.1.14, 4.1.14.1, 4.2, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.2.8, 4.2.9, 4.2.11, 5, 5.0, 5.0.7, 5.0.7.1, 5.1, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.6, 5.1.6.1, 5.2, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.4.1, 5.2.4.2, 5.2.4.3, 6, 6.0.0.beta2, 6.0.1, 6.0.2, 6.0.3, 6.0.3.1, 6.0.3.2, 6.1.7, 6.1.7.1, 6.1.7.2, 6.1.7.3, 6.1.7.4, 6.1.7.5, 6.1.7.6, 7, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.1, 7.1.1, 7.1.2, 7.1.3

Typ oprogramowania: Programming Language Software

Opublikowano	Base	Temp	Słaby punkt	0day	Dzisiaj	Wyk	Prz	CTI	CVE
2024-02-27	5.7	5.6	Ruby on Rails cross site scripting	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	CVE-2024-26143
2024-02-27	5.3	5.2	Ruby on Rails Active Storage information disclosure	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	CVE-2024-26144
2024-02-27	6.4	6.3	Ruby on Rails Accept Header denial of service	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	CVE-2024-26142
2023-10-24	4.0	4.0	ruby-rmagick denial of service	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01	CVE-2023-5349
2023-06-29	4.4	4.3	Ruby Incomplete Fix CVE-2023-28755 rfc2396_parser.rb denial of service	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	CVE-2023-36617
2023-05-28	6.6	6.6	ruby-saml Gem xml_security.rb privilege escalation	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	CVE-2015-20108
2023-05-02	6.4	6.2	Ruby Help Desk Plugin Ticket privilege escalation	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	CVE-2023-1125
2023-04-21	6.5	6.3	oauth-ruby gem X.509 Certificate consumer.rb weak authentication	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	CVE-2016-11086
2023-04-21	6.4	6.1	MongoDB bson-ruby ObjecId.legal denial of service	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.02	CVE-2015-4411
2023-03-31	5.5	5.4	Ruby Time denial of service	$0-$5k	$0-$5k	Not Defined	Official Fix	0.05	CVE-2023-28756
2023-03-31	5.5	5.4	Ruby URI denial of service	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	CVE-2023-28755
2023-01-17	6.7	6.6	ruby-git Filename Privilege Escalation	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	CVE-2022-47318
2022-12-02	4.3	4.3	ruby-mysql Gem privilege escalation	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	CVE-2021-3270
2022-11-23	7.5	7.2	Ruby cgi.rb Privilege Escalation	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.03	CVE-2021-33621
2022-10-26	3.8	3.8	Ruby on Rails _table.html.erb cross site scripting [Sporny]	$0-$5k	$0-$5k	Not Defined	Official Fix	0.08	CVE-2022-3704
2022-09-29	7.3	7.1	Ruby Tags Array Length Emitter memory corruption	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	CVE-2016-2338
2022-07-01	7.5	7.4	opensearch-ruby YAML YAML.load privilege escalation	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	CVE-2022-31115
2022-06-28	4.8	4.7	ruby-mysql privilege escalation	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	CVE-2021-3779
2022-05-10	7.3	7.0	Ruby Regexp Compiler memory corruption	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	CVE-2022-28738
2022-05-10	5.5	5.3	Ruby String-to-Float Conversion String#to_f memory corruption	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	CVE-2022-28739
2022-04-05	4.8	4.7	yajl-ruby yajl_buf.c memory corruption	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	CVE-2022-24795
2022-02-07	5.6	5.4	Ruby CGI.escape_html memory corruption	$0-$5k	$0-$5k	Not Defined	Official Fix	0.06	CVE-2021-41816
2022-01-01	5.5	5.5	Ruby Cookie Name Cookie.parse Privilege Escalation	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	CVE-2021-41819
2021-10-19	4.8	4.7	Ruby on Rails auto_link cross site scripting	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	CVE-2011-1497
2021-08-02	5.3	5.1	Ruby StartTLS IMAP weak authentication	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	CVE-2021-32066

Ruby Luki w zabezpieczeniach

Oś czasu

Ostatni rok

Wersja

Przeciwdziałanie

Wykorzystywanie

Wektor dostępu

Uwierzytelnianie

Interakcja z użytkownikiem

C3BM Index

Ostatni rok

CVSSv3 Base

CVSSv3 Temp

VulDB

NVD

CNA

Sprzedawca

Research

Exploit 0-day

Wykorzystaj dzisiaj

Wykorzystaj wielkość rynku

Ostatni rok

🔴 CTI Zajęcia

🔒 Login Required

Are you interested in using VulDB?