Ruby@* Security Vulnerabilities and Issues — Page 2 of Ruby@* CVE List

Lucene search

Ruby-langRuby*

57 matches found

CVE•added 2008/09/04 5:41 p.m.•65 views

CVE-2008-3905

resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-144...

5.8CVSS6.6AI score0.87602EPSS

CVE•added 2008/04/18 10:5 p.m.•64 views

CVE-2008-1891

Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (e...

5CVSS6.5AI score0.004EPSS

CVE•added 2008/06/24 7:41 p.m.•63 views

CVE-2008-2663

Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-20...

10CVSS7.2AI score0.04012EPSS

CVE•added 2008/08/13 1:41 a.m.•59 views

CVE-2008-3657

The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.

7.5CVSS6.7AI score0.31988EPSS

CVE•added 2011/08/05 10:55 p.m.•55 views

CVE-2011-3009

Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900.

5CVSS6.2AI score0.00567EPSS

CVE•added 2011/08/05 9:55 p.m.•52 views

CVE-2011-2686

Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issue ...

5CVSS6.2AI score0.01766EPSS

CVE•added 2017/09/06 9:29 p.m.•46 views

CVE-2014-6438

The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string.

7.5CVSS7.2AI score0.01085EPSS

Total number of security vulnerabilities57