Lucene search
GoogleOSV:DLA-235-1HistoryMay 30, 2015 - 12:00 a.m.
ruby1.9.1 - security update
2015-05-3000:00:00
Google
osv.dev
11
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.029 Low
EPSS
Percentile
89.3%
- CVE-2011-0188
The VpMemAlloc function in bigdecimal.c in the BigDecimal class in
Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7
and other platforms, does not properly allocate memory, which allows
context-dependent attackers to execute arbitrary code or cause a
denial of service (application crash) via vectors involving creation
of a large BigDecimal value within a 64-bit process, related to an
βinteger truncation issue.β - CVE-2011-2705
use upstream SVN r32050 to modify PRNG state to prevent random number
sequence repeatation at forked child process which has same pid.
Reported by Eric Wong. - CVE-2012-4522
The rb_get_path_check function in file.c in Ruby 1.9.3 before
patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent
attackers to create files in unexpected locations or with unexpected
names via a NUL byte in a file path. - CVE-2013-0256
darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before
4.0.0.preview2.1, as used in Ruby, does not properly generate
documents, which allows remote attackers to conduct cross-site
scripting (XSS) attacks via a crafted URL. - CVE-2013-2065
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426,
and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for
native functions, which allows context-dependent attackers to bypass
intended $SAFE level restrictions. - CVE-2015-1855
OpenSSL extension hostname matching implementation violates RFC 6125
| CPE | Name | Operator | Version |
|---|---|---|---|
| ruby1.9.1 | eq | 1.9.2.0-2 | |
| ruby1.9.1 | eq | 1.9.2.0-2+armhf |
References
Related
nessus
nessus
Debian DLA-235-1 : ruby1.9.1 security update
2015-06-01 00:00:00
openSUSE Security Update : ruby19 (openSUSE-SU-2013:0376-1)
2014-06-13 00:00:00
Fedora 18 : ruby-1.9.3.429-30.fc18 (2013-8375)
2013-05-30 00:00:00
debian
debian
[SECURITY] [DLA 235-1] ruby1.9.1 security update
2015-05-30 20:45:15
[SECURITY] [DLA 224-1] ruby1.8 security update
2015-05-18 21:57:18
[SECURITY] [DSA 3246-1] ruby1.9.1 security update
2015-05-02 11:20:09
openvas
openvas
Debian: Security Advisory (DLA-235-1)
2023-03-08 00:00:00
Oracle: Security Advisory (ELSA-2011-1581)
2015-10-06 00:00:00
FreeBSD Ports: ruby
2012-11-26 00:00:00
prion
prion
Design/Logic Flaw
2011-08-05 21:55:00
Code injection
2013-11-02 19:55:00
Integer overflow
2011-03-23 02:00:00
oraclelinux
oraclelinux
ruby security, bug fix, and enhancement update
2011-12-14 00:00:00
ruby security and bug fix update
2013-01-11 00:00:00
ruby security update
2011-06-28 00:00:00
cve
cve
fedora
fedora
[SECURITY] Fedora 18 Update: ruby-1.9.3.429-30.fc18
2013-05-30 03:09:30
[SECURITY] Fedora 18 Update: ruby-1.9.3.286-19.fc18
2012-10-18 03:50:20
[SECURITY] Fedora 17 Update: ruby-1.9.3.429-30.fc17
2013-05-30 02:56:37
freebsd
freebsd
ruby -- Object taint bypassing in DL and Fiddle in Ruby
2013-05-14 00:00:00
Ruby -- XSS exploit of RDoc documentation generated by rdoc
2013-02-06 00:00:00
slackware
slackware
ruby
2013-05-16 15:44:50
veracode
veracode
Information Leakage
2020-04-10 01:07:07
Arbitrary Code Execution
2020-04-10 00:59:04
Cross-Site Scripting (XSS) In Darkfish.js
2019-01-15 08:51:23
ubuntucve
ubuntucve
seebug
seebug
Ruby ζ¬ε°ζδ»Άεε»ΊζΌζ΄(CVE-2012-4522)
2012-10-23 00:00:00
github
github
RDoc contains XSS vulnerability
2017-10-24 18:33:37
hackerone
hackerone
Ruby: XSS exploit of RDoc documentation generated by rdoc
2021-08-27 12:35:33
Ruby: XSS exploit of RDoc documentation generated by rdoc (CVE-2013-0256)
2023-05-08 13:58:42
amazon
amazon
redhat
redhat
(RHSA-2013:0728) Moderate: rubygem packages security update
2013-04-09 00:00:00
(RHSA-2011:1581) Low: ruby security, bug fix, and enhancement update
2011-12-06 00:00:00
osv
osv
RDoc contains XSS vulnerability
2017-10-24 18:33:37
ruby2.1 - security update
2015-05-02 00:00:00
ruby1.9.1 - security update
2015-05-02 00:00:00
securityvulns
securityvulns
Ruby SSL checks bypass
2015-05-04 00:00:00
[ MDVSA-2015:224 ] ruby
2015-05-04 00:00:00
[USN-2035-1] Ruby vulnerabilities
2013-12-01 00:00:00
mageia
mageia
Updated ruby packages fix CVE-2015-1855
2015-05-03 03:19:16
archlinux
archlinux
ruby: permissive certificate verification
2015-04-14 00:00:00
rubygems
rubygems
CVE-2012-4522 ruby: unintentional file creation caused by inserting an illegal NUL character
2012-10-11 20:00:00
CVE-2013-2065 Ruby: Object taint bypassing in DL and Fiddle
2013-05-13 20:00:00
ubuntu
ubuntu
Ruby vulnerabilities
2012-02-28 00:00:00
Ruby vulnerabilities
2013-11-27 00:00:00
Ruby vulnerabilities
2012-10-23 00:00:00
suse
suse
Security update for Ruby 1.9 (important)
2013-04-09 19:05:05
cloudfoundry
cloudfoundry
CVE-2015-1855 Ruby OpenSSL Hostname Verification | Cloud Foundry
2015-04-30 00:00:00
centos
centos
ruby security update
2013-01-09 20:36:59
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.029 Low
EPSS
Percentile
89.3%
Related for OSV:DLA-235-1