Total
105 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-1911 | 2 Mark Burns, Ruby-lang | 2 Ldoce, Ruby | 2017-08-28 | 6.8 MEDIUM | N/A |
lib/ldoce/word.rb in the ldoce 0.0.2 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in (1) an mp3 URL or (2) file name. | |||||
CVE-2012-5371 | 1 Ruby-lang | 1 Ruby | 2017-08-28 | 5.0 MEDIUM | N/A |
Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815. | |||||
CVE-2011-4815 | 1 Ruby-lang | 1 Ruby | 2017-08-28 | 7.8 HIGH | N/A |
Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. | |||||
CVE-2011-3009 | 1 Ruby-lang | 1 Ruby | 2017-08-28 | 5.0 MEDIUM | N/A |
Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. | |||||
CVE-2010-2489 | 2 Microsoft, Ruby-lang | 2 Windows, Ruby | 2017-08-16 | 7.2 HIGH | N/A |
Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow local users to gain privileges via a crafted ARGF.inplace_mode value that is not properly handled when constructing the filenames of the backup files. | |||||
CVE-2009-4124 | 1 Ruby-lang | 1 Ruby | 2017-08-16 | 10.0 HIGH | N/A |
Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-1891 | 1 Ruby-lang | 1 Ruby | 2017-08-07 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality and the :DocumentRoot option. | |||||
CVE-2017-11465 | 1 Ruby-lang | 1 Ruby | 2017-07-25 | 7.5 HIGH | 9.8 CRITICAL |
The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have security relevance as a bypass of a $SAFE protection mechanism. | |||||
CVE-2017-9225 | 3 Oniguruma Project, Php, Ruby-lang | 3 Oniguruma, Php, Ruby | 2017-06-02 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow. | |||||
CVE-2017-6181 | 1 Ruby-lang | 1 Ruby | 2017-04-11 | 5.0 MEDIUM | 7.5 HIGH |
The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted regular expression. | |||||
CVE-2016-2336 | 1 Ruby-lang | 1 Ruby | 2017-01-10 | 7.5 HIGH | 9.8 CRITICAL |
Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution. | |||||
CVE-2014-8090 | 1 Ruby-lang | 1 Ruby | 2017-01-02 | 5.0 MEDIUM | N/A |
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080. | |||||
CVE-2013-1821 | 1 Ruby-lang | 1 Ruby | 2016-12-07 | 5.0 MEDIUM | N/A |
lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack. | |||||
CVE-2014-2734 | 1 Ruby-lang | 1 Ruby | 2014-11-18 | 5.8 MEDIUM | N/A |
** DISPUTED ** The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby script that attempts signature verification after performing a certain sequence of filesystem operations. NOTE: this issue has been disputed by the Ruby OpenSSL team and third parties, who state that the original demonstration PoC contains errors and redundant or unnecessarily-complex code that does not appear to be related to a demonstration of the issue. As of 20140502, CVE is not aware of any public comment by the original researcher. | |||||
CVE-2012-4466 | 1 Ruby-lang | 1 Ruby | 2014-02-11 | 5.0 MEDIUM | N/A |
Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005. | |||||
CVE-2013-4136 | 2 Phusion, Ruby-lang | 2 Passenger, Ruby | 2013-10-10 | 4.4 MEDIUM | N/A |
ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/. | |||||
CVE-2013-5647 | 2 Adam Zaninovich, Ruby-lang | 2 Sounder, Ruby | 2013-08-29 | 7.5 HIGH | N/A |
lib/sounder/sound.rb in the sounder gem 1.0.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a filename. | |||||
CVE-2012-4464 | 1 Ruby-lang | 1 Ruby | 2013-08-26 | 5.0 MEDIUM | N/A |
Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE: this issue might exist because of a CVE-2011-1005 regression. | |||||
CVE-2011-1005 | 1 Ruby-lang | 1 Ruby | 2013-08-13 | 5.0 MEDIUM | N/A |
The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname. | |||||
CVE-2012-4522 | 1 Ruby-lang | 1 Ruby | 2013-05-03 | 5.0 MEDIUM | N/A |
The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path. |