Ruby@* Security Vulnerabilities and Issues — Page 2 of Ruby@* CVE List

Lucene search

Ruby-langRuby*

57 matches found

CVE•added 2008/06/24 7:41 p.m.•63 views

CVE-2008-2725

Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the "...

7.8CVSS7AI score0.0535EPSS

CVE•added 2008/09/04 5:41 p.m.•62 views

CVE-2008-3905

resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-144...

5.8CVSS6.6AI score0.88803EPSS

CVE•added 2008/06/24 7:41 p.m.•60 views

CVE-2008-2663

Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-20...

10CVSS7.2AI score0.0535EPSS

CVE•added 2008/08/13 1:41 a.m.•57 views

CVE-2008-3657

The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.

7.5CVSS6.7AI score0.34912EPSS

CVE•added 2011/08/05 10:55 p.m.•52 views

CVE-2011-3009

Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900.

5CVSS6.2AI score0.00567EPSS

CVE•added 2011/08/05 9:55 p.m.•51 views

CVE-2011-2686

Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issue ...

5CVSS6.2AI score0.01802EPSS

CVE•added 2017/09/06 9:29 p.m.•44 views

CVE-2014-6438

The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string.

7.5CVSS7.2AI score0.01078EPSS

Total number of security vulnerabilities57