Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ruby-lang ruby 1.9.1 vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2009-4124
Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 prior to 1.9.1-p376 allows context-dependent malicious users to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust. NOTE: some of the...
Ruby-lang Ruby 1.9.1
7.5
CVSSv2
CVE-2009-4492
WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote malicious users to modify a window's title, ...
Ruby-lang Webrick 1.3.1
1 EDB exploit
7.2
CVSSv2
CVE-2010-2489
Buffer overflow in Ruby 1.9.x prior to 1.9.1-p429 on Windows might allow local users to gain privileges via a crafted ARGF.inplace_mode value that is not properly handled when constructing the filenames of the backup files.
Ruby-lang Ruby 1.9.0-0
Ruby-lang Ruby 1.9.1
Ruby-lang Ruby 1.9.0-1
Ruby-lang Ruby 1.9.0-2
Ruby-lang Ruby 1.9.0-20060415
Ruby-lang Ruby 1.9.0-20070709
6.8
CVSSv2
CVE-2013-4164
Heap-based buffer overflow in Ruby 1.8, 1.9 prior to 1.9.3-p484, 2.0 prior to 2.0.0-p353, 2.1 prior to 2.1.0 preview2, and trunk before revision 43780 allows context-dependent malicious users to cause a denial of service (segmentation fault) and possibly execute arbitrary code vi...
Ruby-lang Ruby 2.1
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 1.9
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 1.9.1
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby 1.8
6.8
CVSSv2
CVE-2011-0188
The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and previous versions, as used on Apple Mac OS X prior to 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent malicious users to execute arbitrary code or ...
Ruby-lang Ruby 1.9.1
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby 1.9.0-20060415
Ruby-lang Ruby
Ruby-lang Ruby 1.9.0-0
Ruby-lang Ruby 1.9
Ruby-lang Ruby 1.9.0-20070709
Ruby-lang Ruby 1.9.0-1
Ruby-lang Ruby 1.9.0
Ruby-lang Ruby 1.9.0-2
6.4
CVSSv2
CVE-2013-2065
(1) DL and (2) Fiddle in Ruby 1.9 prior to 1.9.3 patchlevel 426, and 2.0 prior to 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent malicious users to bypass intended $SAFE level restrictions.
Opensuse Opensuse 12.2
Opensuse Opensuse 12.3
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 1.9.1
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby 1.9
Ruby-lang Ruby 2.0
6.3
CVSSv2
CVE-2011-1004
The FileUtils.remove_entry_secure method in Ruby 1.8.6 up to and including 1.8.6-420, 1.8.7 up to and including 1.8.7-330, 1.8.8dev, 1.9.1 up to and including 1.9.1-430, 1.9.2 up to and including 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink a...
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 1.8.6
Ruby-lang Ruby 1.8.7
Ruby-lang Ruby 1.8.8
Ruby-lang Ruby 1.9.1
5
CVSSv2
CVE-2015-3900
RubyGems 2.0.x prior to 2.0.16, 2.2.x prior to 2.2.4, and 2.4.x prior to 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote malicious users to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hij...
Ruby-lang Ruby 2.1.1
Ruby-lang Ruby 2.1.2
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 2.1
Ruby-lang Ruby 1.9.1
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby 2.1.5
Ruby-lang Ruby 2.2.0
Ruby-lang Ruby 1.9
Ruby-lang Ruby 2.1.3
Ruby-lang Ruby 2.1.4
Rubygems Rubygems 2.0.1
Rubygems Rubygems 2.0.2
Rubygems Rubygems 2.0.3
Rubygems Rubygems 2.0.10
Rubygems Rubygems 2.0.11
Rubygems Rubygems 2.2.2
Rubygems Rubygems 2.2.3
Rubygems Rubygems 2.0.4
Rubygems Rubygems 2.0.5
Rubygems Rubygems 2.0.12
1 Github repository
1 Article
5
CVSSv2
CVE-2013-1821
lib/rexml/text.rb in the REXML parser in Ruby prior to 1.9.3-p392 allows remote malicious users to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby
Ruby-lang Ruby 1.9.1
Ruby-lang Ruby 1.9
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 2.0
5
CVSSv2
CVE-2012-5371
Ruby (aka CRuby) 1.9 prior to 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent malicious users to cause a denial of service (CPU consumption) via crafted input to ...
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 2.0
Ruby-lang Ruby
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby 1.9
Ruby-lang Ruby 1.9.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »