20 matches found
MiracleLinux 7 : ruby-2.0.0.648-39.0.4.el7.AXS7 (AXSA:2025-10964:04)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10964:04 advisory. CVE-2016-2337: Fix type confusion in canceleval Ruby's TclTkIp class method to prevent arbitrary code execution CVE-2017-9224: Fix stack...
Linux Distros Unpatched Vulnerability : CVE-2016-2337
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Type confusion exists in canceleval Ruby's TclTkIp class method. Attacker passing different type of object than String as retval argument can cause arbitrary co...
RHEL 7 : ruby (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ruby: Fiddle::Function.new heap buffer overflow CVE-2016-2339 - Type confusion exists in canceleval Ruby'...
Mageia: Security Advisory (MGASA-2017-0290)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2019-1617)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2017-1051)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2017-1050)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization for ARM 64 3.0.2.0 : ruby (EulerOS-SA-2019-1617)
According to the versions of the ruby packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to...
Debian: Security Advisory (DLA-1480-1)
The remote host is missing an update for the Debian...
Debian DLA-1480-1 : ruby2.1 security update
Several vulnerabilities were discovered in Ruby 2.1. CVE-2016-2337 Type confusion exists in canceleval Ruby's TclTkIp class method. Attacker passing different type of object than String as 'retval' argument can cause arbitrary code execution. CVE-2018-1000073 RubyGems contains a Directory Travers...
[SECURITY] [DLA 1480-1] ruby2.1 security update
Package : ruby2.1 Version : 2.1.5-2+deb8u5 CVE ID : CVE-2016-2337 CVE-2018-1000073 CVE-2018-1000074 Debian Bug : 895778 851161 Several vulnerabilities were discovered in Ruby 2.1. CVE-2016-2337 Type confusion exists in canceleval Ruby's TclTkIp class method. Attacker passing different type of obje...
Ruby TclTkIp ip_cancel_eval Type Confusion Vulnerabilities(CVE-2016-2337)
DESCRIPTION Type Confusion exists in canceleval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution. TESTED VERSIONS Ruby 2.3.0 dev Ruby 2.2.2 Tcl/Tk8.6 or later PRODUCT URLs https://www.ruby-lang.org DETAILS...
GLSA-201710-18 : Ruby: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201710-18 Ruby: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Ruby. Please review the referenced CVE identifiers for details. Impact : A remote attacker could execute arbitrary code, cause a Denial of...
Ubuntu: Security Advisory (USN-3365-1)
The remote host is missing an update for the...
EulerOS 2.0 SP2 : ruby (EulerOS-SA-2017-1051)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An exploitable heap overflow vulnerability exists in the Fiddle::Function.new 'initialize' function functionality of Ruby. In Fiddle::Function.new...
EulerOS 2.0 SP1 : ruby (EulerOS-SA-2017-1050)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An exploitable heap overflow vulnerability exists in the Fiddle::Function.new 'initialize' function functionality of Ruby. In Fiddle::Function.new...
CVE-2016-2337
Type confusion exists in canceleval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution...
CVE-2016-2337
CVE-2016-2337 fixes a type confusion in Ruby’s TclTkIp._cancel_eval method. An attacker could cause arbitrary code execution by passing a non-String as the retval argument. Public advisories (e.g., MiracleLinux AXSA-2025-10964:04) reference this CVE and note a fix to prevent the type confusion; t...
CVE-2016-2337
Removed by vendor...
CVE-2016-2337
Type confusion exists in canceleval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution...