7 matches found

SUSE CVE
added 2023/02/15 4:39 a.m., 2 views

SUSE CVE-2017-14064

Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issue lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is...

CVSS 5.3, AI score 9.6, EPSS 0.09445
Exploits 1, References 5
RedHat Linux
added 2017/12/19 8:37 a.m., 2 views

ruby: Arbitrary heap exposure during a JSON.generate call

A buffer overflow vulnerability was found in the JSON extension of ruby. An attacker with the ability to pass a specially crafted JSON input to the extension could use this flaw to expose the interpreter's heap memory...

CVSS 9.8, AI score 7.5, EPSS 0.09445
Exploits 1, References 5
Amazon
added 2017/10/26 12:00 a.m., 64 views

Medium: ruby24

Issue Overview: Arbitrary heap exposure during a JSON.generate call. Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issue lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a...

CVSS 9.8, AI score 9.8, EPSS 0.29442
Exploits 8
Tenable Nessus
added 2017/10/03 12:00 a.m., 57 views

Amazon Linux AMI : ruby22 / ruby23 (ALAS-2017-906)

SMTP command injection via CRLF sequences in RCPT TO or MAIL FROM commands in Net::SMTP. An SMTP command injection flaw was found in the way Ruby's Net::SMTP module handled CRLF sequences in certain SMTP commands. An attacker could potentially use this flaw to inject SMTP commands in an SMTP session...

CVSS 9.8, AI score 7.8, EPSS 0.29442
Exploits 9, References 11
BDU FSTEC
added 2017/09/28 12:00 a.m., 5 views

The vulnerability of the Ruby interpreter arises from an operation that goes beyond buffer boundaries in memory, allowing a malicious actor to trigger a service failure.

The vulnerability of the Ruby interpreter arises from an operation that occurs outside the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause a service failure during the execution of the JSON.generate function. The problem lies in the use of the strdu...

CVSS 7.5, AI score 7.2, EPSS 0.09445
Exploits 1, References 5, Affected Software 1
NVD
added 2017/08/31 5:29 p.m., 21 views

CVE-2017-14064

Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issue lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is...

CVSS 9.8, AI score 9.4, EPSS 0.09445
Exploits 1, References 16
OSV
added 2017/08/31 12:00 a.m., 0 views

UBUNTU-CVE-2017-14064

Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issue lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is...

CVSS 9.8, AI score 6.9, EPSS 0.09445
Exploits 1, References 7