Lucene search
K

174 matches found

RedHat Linux
RedHat Linux
added 2013/02/28 6:53 p.m.7 views

ruby: Murmur hash-flooding DoS flaw in ruby 1.9 (oCERT-2012-001)

Ruby aka CRuby 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted input to an application that maintains...

5CVSS7.2AI score0.03357EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2011/08/29 12:0 a.m.24 views

Ruby Random Number Values Information Disclosure Vulnerability

This host is installed with Ruby and is prone to information disclosure vulnerability. OpenVAS Vulnerability Test $Id: secpodrubyrandomnumbervaluesinfodiscvuln.nasl 8196 2017-12-20 12:13:37Z cfischer $ Ruby Random Number Values Information Disclosure Vulnerability Authors: Sooraj KS Copyright:...

5CVSS6.2AI score0.02088EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2011/08/29 12:0 a.m.28 views

Ruby Random Number Values Information Disclosure Vulnerability

This host is installed with Ruby and is prone to information disclosure vulnerability. OpenVAS Vulnerability Test $Id: secpodrubyrandomnumbervaluesinfodiscvuln01.nasl 8196 2017-12-20 12:13:37Z cfischer $ Ruby Random Number Values Information Disclosure Vulnerability Authors: Sooraj KS Copyright:...

5CVSS5.6AI score0.0195EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2011/08/29 12:0 a.m.29 views

Ruby Random Number Generation Local Denial Of Service Vulnerability

This host is installed with Ruby and is prone to local denial of service vulnerability. OpenVAS Vulnerability Test $Id: secpodrubyrandomnumbergenerationdosvuln.nasl 8196 2017-12-20 12:13:37Z cfischer $ Ruby Random Number Generation Local Denial Of Service Vulnerability Authors: Sooraj KS Copyrigh...

5CVSS6.1AI score0.02582EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2011/03/02 12:0 a.m.29 views

CVE-2011-1004

The FileUtils.removeentrysecure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink attack...

6.3CVSS6AI score0.00385EPSS
Exploits0References3
Snyk
Snyk
added 2008/12/09 12:30 a.m.3 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service CPU consumption via a crafted HTTP request...

7.8CVSS7.1AI score0.70202EPSS
Exploits3References2
Snyk
Snyk
added 2008/08/27 8:41 p.m.4 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation. The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service CPU consumption via an XML document with recursively nested...

5.3CVSS6.7AI score0.15197EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2008/07/14 1:38 p.m.7 views

ruby: Unsafe use of alloca in rb_str_format()

The rbstrformat function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662,...

7.8CVSS7AI score0.0428EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2008/07/14 1:38 p.m.3 views

ruby: integer overflow in rb_ary_splice/update/replace() - beg + rlen

Integer overflow in the 1 rbarysplice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and 2 the rbaryreplace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg +...

7.8CVSS7AI score0.03759EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2008/07/14 1:26 p.m.6 views

ruby: Integer overflows in rb_ary_store()

Multiple integer overflows in the rbarystore function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than...

10CVSS7.4AI score0.04456EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2008/07/14 1:26 p.m.3 views

ruby: integer overflow in rb_ary_splice/update/replace() - beg + rlen

Integer overflow in the 1 rbarysplice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and 2 the rbaryreplace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg +...

7.8CVSS7AI score0.03759EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2008/07/14 1:26 p.m.5 views

ruby: Unsafe use of alloca in rb_str_format()

The rbstrformat function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662,...

7.8CVSS7AI score0.0428EPSS
Exploits1References4
CVE
CVE
added 2008/04/18 10:0 p.m.85 views

CVE-2008-1891

The CVE-2008-1891 entry covers a directory traversal in WEBrick for Ruby (affecting Ruby 1.8.4 and earlier, 1.8.5 before p231, 1.8.6 before p230, 1.8.7 before p22, and 1.9.0 before 1.9.0‑2) when using NTFS/FAT filesystems. An attacker could read arbitrary CGI files by supplying a trailing charact...

5CVSS6.5AI score0.02813EPSS
Exploits1References11Affected Software1
RedHat Linux
RedHat Linux
added 2005/10/11 4:3 p.m.7 views

security flaw

Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input stdin...

7.5CVSS5.9AI score0.03256EPSS
Exploits0References4
Rows per page
Query Builder