Lucene search
K

4 matches found

OSV
OSV
added 2018/03/13 3:29 p.m.2 views

DEBIAN-CVE-2018-1000073

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in installlocation function of package.rb that can result in...

7.5CVSS9.1AI score0.05076EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2013/08/05 4:0 p.m.3 views

ruby: hostname check bypassing vulnerability in SSL client

The OpenSSL::SSL.verifycertificateidentity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows...

6.8CVSS7AI score0.05741EPSS
Exploits4References5
RedHat Linux
RedHat Linux
added 2008/07/14 1:38 p.m.7 views

ruby: Unsafe use of alloca in rb_str_format()

The rbstrformat function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662,...

7.8CVSS7AI score0.0428EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2008/07/14 1:26 p.m.8 views

ruby: Integer overflows in rb_ary_store()

Multiple integer overflows in the rbarystore function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than...

10CVSS7.4AI score0.04456EPSS
Exploits1References4
Rows per page
Query Builder