31 matches found
EUVD-2017-0168
Malware in sbrugna...
RHSA-2014:0510 Red Hat Security Advisory: ruby193-rubygem-actionpack security update
Bulletin has no description...
RHSA-2014:0011 Red Hat Security Advisory: ruby193-ruby security update
Bulletin has no description...
RHSA-2013:1523 Red Hat Security Advisory: ruby193-ruby security update
Bulletin has no description...
Ruby on Rails JSON Processor Floating Point Heap Overflow Denial of Service
This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. Module name: 'Ruby on Rails JSON Processor Floating Point Heap Overflow DoS'. Description: When Ruby attempts to convert a string representation of a lar...
SUSE CVE-2013-1655
Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."...
SUSE CVE-2013-1945
ruby193 uses an insecure LD_LIBRARY_PATH setting...
Private Ruby OpenSSL RSA key generation is always "1"
The OpenSSL extension of Ruby Git trunk versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on strong private RSA keys generation...
GHSA-574Q-FXFJ-WV6H Puppet Improper Input Validation vulnerability
Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."...
CVE-2009-5147
DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names...
ruby: off-by-one stack-based buffer overflow in the encodes() function
Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow...
Stack overflow
Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow...
CVE-2014-4975
CVE-2014-4975 is an off-by-one stack-based buffer overflow in the encodes() function (pack.c) of Ruby 1.9.3 and earlier, and 2.x through 2.1.2, triggered by certain format string specifiers. This can cause a denial of service via segmentation fault. Connected advisories note this Ruby pack() issu...
Critical: ruby19
Issue Overview: Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that...
Medium: ruby19
Issue Overview: lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack. Affected Packages: ruby19 Issue Correction: Run yum...
Puppet Unsafe YAML Unserialization
According to its self-reported version number, the Puppet install on the remote host has a remote code execution vulnerability. Specially crafted YAML encoded objects are not unserialized safely. A remote, unauthenticated attacker could exploit this to execute arbitrary code. The issue is...
CVE-2012-4464
Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE:...
CVE-2012-4464
Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 are vulnerable to a context-dependent taint bypass via exc_to_s or name_err_to_s in the exception-to-string paths, allowing modification of untainted strings and bypassing safe-level restrictions (distinct from CVE-2012-4466). Root c...
CVE-2012-4464
Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE:...
DEBIAN-CVE-2013-1655
Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."...