
7 matches found

CVE
added 2011/12/30 1:00 a.m., 154 views

CVE-2011-4815

CVE-2011-4815 affects Ruby (CRuby) and is caused by a hash function implementation that allows predictable hash collisions, enabling context-dependent attackers to cause a denial of service through CPU consumption when Ruby hashes are fed crafted input. Connected advisories confirm multiple vendo...

CVSS 7.8 | AI score 8.1 | EPSS 0.04246

CVE
added 2011/03/23 1:00 a.m., 112 views

CVE-2011-0188

CVE-2011-0188 concerns memory allocation in the BigDecimal implementation (bigdecimal.c) for Ruby 1.9.2-p136 and earlier, used on macOS before 10.6.7 and other platforms. The issue is that VpMemAlloc may misallocate memory for very large BigDecimal values in 64-bit processes, enabling context-dep...

CVSS 6.8 | AI score 5.7 | EPSS 0.03025

CVE
added 2011/08/05 9:00 p.m., 110 views

CVE-2011-2705

CVE-2011-2705 affects Ruby’s SecureRandom.init in lib/securerandom.rb. The vulnerability arises because SecureRandom.random_bytes relies on PID values for initialization in Ruby versions prior to 1.8.7-p352 and 1.9.x prior to 1.9.2-p290, enabling context-dependent attackers to predict the generat...

CVSS 5.0 | AI score 5.4 | EPSS 0.0195

CVE
added 2011/03/02 7:00 p.m., 98 views

CVE-2011-1004

CVE-2011-1004 affects Ruby 1.8.6–1.9.3dev; the FileUtils.remove_entry_secure method is vulnerable to a symlink race, allowing local users to delete arbitrary files. Affected versions and impact are documented in trusted advisories. Remediation mentioned in connected docs includes upgrading to Rub...

CVSS 6.3 | AI score 7.9 | EPSS 0.00385

CVE
added 2011/03/02 7:00 p.m., 94 views

CVE-2011-1005

The CVE-2011-1005 issue affects Ruby’s safe-level mechanism (Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev), where untrusted strings could be modified via Exception#to_s, enabling context-dependent attackers to alter a pathname. Public advisories reference this vulnerability...

CVSS 5.0 | AI score 6.3 | EPSS 0.02772

CVE
added 2011/08/05 10:00 p.m., 81 views

CVE-2011-3009

CVE-2011-3009 is confirmed in connected advisories as affecting Ruby before 1.8.6-p114, where the random seed is not reset on fork, enabling context-dependent prediction of random numbers (related to CVE-2003-0900). MiracleLinux advisories list this CVE among affected Ruby packages and indicate r...

CVSS 5.0 | AI score 6.2 | EPSS 0.02088

CVE
added 2011/08/05 9:00 p.m., 74 views

CVE-2011-2686

CVE-2011-2686 affects Ruby (MRI) older than 1.8.7-p352; it arises from a regression in 1.8.6 where the random seed is not reset on fork, allowing context-dependent attackers to predict random numbers from a child process. The issue is fixed in Ruby 1.8.7-p352 and later. No exploitation details ar...

CVSS 5.0 | AI score 6.2 | EPSS 0.02582