Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
Ruby-langRuby

3 matches found

CVE
CVEadded 2017/01/06 9:59 p.m.121 views

CVE-2016-2339

An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of args array can inc...

9.8CVSS7.5AI score0.00703EPSS
CVE
CVEadded 2017/01/06 9:59 p.m.115 views

CVE-2016-2337

Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution.

9.8CVSS8.7AI score0.00983EPSS
CVE
CVEadded 2017/01/06 9:59 p.m.43 views

CVE-2016-2336

Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution.

9.8CVSS9.6AI score0.01459EPSS