Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ruby-lang ruby 2.2.2 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2016-2338
An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags ar...
Ruby-lang Ruby 2.3.0
Ruby-lang Ruby 2.2.2
Debian Debian Linux 8.0
1 Github repository
4.3
CVSSv2
CVE-2015-1855
verify_certificate_identity in the OpenSSL extension in Ruby prior to 2.0.0 patchlevel 645, 2.1.x prior to 2.1.6, and 2.2.x prior to 2.2.2 does not properly validate hostnames, which allows remote malicious users to spoof servers via vectors related to (1) multiple wildcards, (1)...
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby
Ruby-lang Trunk
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Puppet Puppet Agent 1.0.0
Puppet Puppet Enterprise
1 Github repository
7.5
CVSSv2
CVE-2016-2336
Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution.
Ruby-lang Ruby 2.3.0
Ruby-lang Ruby 2.2.2
7.5
CVSSv2
CVE-2016-2337
Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution.
Ruby-lang Ruby 2.2.2
Ruby-lang Ruby 2.3.0
7.5
CVSSv2
CVE-2016-2339
An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially construct...
Ruby-lang Ruby 2.3.0
Ruby-lang Ruby 2.2.2
4.6
CVSSv2
CVE-2015-7551
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby prior to 2.0.0-p648, 2.1 prior to 2.1.8, and 2.2 prior to 2.2.4, as distributed in Apple OS X prior to 10.11.4 and other products, mishandles tainting, which allows context-dependent malicious users to execute arbit...
Apple Mac Os X
Ruby-lang Ruby 2.1.6
Ruby-lang Ruby 2.1.5
Ruby-lang Ruby 2.2.0
Ruby-lang Ruby 2.1.7
Ruby-lang Ruby
Ruby-lang Ruby 2.2.2
Ruby-lang Ruby 2.2.1
Ruby-lang Ruby 2.1.2
Ruby-lang Ruby 2.1.1
Ruby-lang Ruby 2.1.0
Ruby-lang Ruby 2.2.3
Ruby-lang Ruby 2.1.4
Ruby-lang Ruby 2.1.3
3 Github repositories
5
CVSSv2
CVE-2015-3900
RubyGems 2.0.x prior to 2.0.16, 2.2.x prior to 2.2.4, and 2.4.x prior to 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote malicious users to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hij...
Ruby-lang Ruby 2.1.1
Ruby-lang Ruby 2.1.2
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 2.1
Ruby-lang Ruby 1.9.1
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby 2.1.5
Ruby-lang Ruby 2.2.0
Ruby-lang Ruby 1.9
Ruby-lang Ruby 2.1.3
Ruby-lang Ruby 2.1.4
Rubygems Rubygems 2.0.1
Rubygems Rubygems 2.0.2
Rubygems Rubygems 2.0.3
Rubygems Rubygems 2.0.10
Rubygems Rubygems 2.0.11
Rubygems Rubygems 2.2.2
Rubygems Rubygems 2.2.3
Rubygems Rubygems 2.0.4
Rubygems Rubygems 2.0.5
Rubygems Rubygems 2.0.12
1 Github repository
1 Article
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started