Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ruby-lang ruby 1.9.3 vulnerabilities and exploits
(subscribe to this query)
720
VMScore
CVE-2013-4164
Heap-based buffer overflow in Ruby 1.8, 1.9 prior to 1.9.3-p484, 2.0 prior to 2.0.0-p353, 2.1 prior to 2.1.0 preview2, and trunk before revision 43780 allows context-dependent malicious users to cause a denial of service (segmentation fault) and possibly execute arbitrary code vi...
Ruby-lang Ruby 2.1
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 1.9
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 1.9.1
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby 1.8
668
VMScore
CVE-2009-5147
DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 prior to 2.1.8 opens libraries with tainted names.
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 1.8.0
Ruby-lang Ruby 2.1.6
Ruby-lang Ruby 2.1.7
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby 1.9.0
Ruby-lang Ruby 2.1.3
Ruby-lang Ruby 2.1.4
Ruby-lang Ruby 2.1.0
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 2.1.2
Ruby-lang Ruby 2.1.5
Ruby-lang Ruby 2.1.1
1 Github repository
605
VMScore
CVE-2012-5380
Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Ruby193\bin directory, which may be added to the PATH system enviro...
Ruby-lang Ruby 1.9.3
1 EDB exploit
570
VMScore
CVE-2013-2065
(1) DL and (2) Fiddle in Ruby 1.9 prior to 1.9.3 patchlevel 426, and 2.0 prior to 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent malicious users to bypass intended $SAFE level restrictions.
Opensuse Opensuse 12.2
Opensuse Opensuse 12.3
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 1.9.1
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby 1.9
Ruby-lang Ruby 2.0
561
VMScore
CVE-2011-1004
The FileUtils.remove_entry_secure method in Ruby 1.8.6 up to and including 1.8.6-420, 1.8.7 up to and including 1.8.7-330, 1.8.8dev, 1.9.1 up to and including 1.9.1-430, 1.9.2 up to and including 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink a...
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 1.8.6
Ruby-lang Ruby 1.8.7
Ruby-lang Ruby 1.8.8
Ruby-lang Ruby 1.9.1
445
VMScore
CVE-2015-3900
RubyGems 2.0.x prior to 2.0.16, 2.2.x prior to 2.2.4, and 2.4.x prior to 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote malicious users to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hij...
Ruby-lang Ruby 2.1.1
Ruby-lang Ruby 2.1.2
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 2.1
Ruby-lang Ruby 1.9.1
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby 2.1.5
Ruby-lang Ruby 2.2.0
Ruby-lang Ruby 1.9
Ruby-lang Ruby 2.1.3
Ruby-lang Ruby 2.1.4
Rubygems Rubygems 2.0.1
Rubygems Rubygems 2.0.2
Rubygems Rubygems 2.0.3
Rubygems Rubygems 2.0.10
Rubygems Rubygems 2.0.11
Rubygems Rubygems 2.2.2
Rubygems Rubygems 2.2.3
Rubygems Rubygems 2.0.4
Rubygems Rubygems 2.0.5
Rubygems Rubygems 2.0.12
1 Github repository
1 Article
445
VMScore
CVE-2012-4466
Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent malicious users to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a di...
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 2.0
Ruby-lang Ruby 1.8.7
445
VMScore
CVE-2012-4464
Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent malicious users to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerabi...
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 2.0
Ruby-lang Ruby 1.9.3
445
VMScore
CVE-2013-1821
lib/rexml/text.rb in the REXML parser in Ruby prior to 1.9.3-p392 allows remote malicious users to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby
Ruby-lang Ruby 1.9.1
Ruby-lang Ruby 1.9
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 2.0
445
VMScore
CVE-2012-5371
Ruby (aka CRuby) 1.9 prior to 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent malicious users to cause a denial of service (CPU consumption) via crafted input to ...
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 2.0
Ruby-lang Ruby
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby 1.9
Ruby-lang Ruby 1.9.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »