Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ruby-lang ruby 2.0.0 vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2015-1855
verify_certificate_identity in the OpenSSL extension in Ruby prior to 2.0.0 patchlevel 645, 2.1.x prior to 2.1.6, and 2.2.x prior to 2.2.2 does not properly validate hostnames, which allows remote malicious users to spoof servers via vectors related to (1) multiple wildcards, (1)...
Ruby-lang Ruby 2.0.0
Ruby-lang Trunk
Ruby-lang Ruby
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
Puppet Puppet Enterprise
Puppet Puppet Agent 1.0.0
1 Github repository
7.3
CVSSv3
CVE-2009-5147
DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 prior to 2.1.8 opens libraries with tainted names.
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 2.1.4
Ruby-lang Ruby 1.9.0
Ruby-lang Ruby 2.1.3
Ruby-lang Ruby 2.1.0
Ruby-lang Ruby 2.1.7
Ruby-lang Ruby 2.1.1
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby 2.1.6
Ruby-lang Ruby 1.8.0
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 2.1.2
Ruby-lang Ruby 2.1.5
1 Github repository
8.4
CVSSv3
CVE-2015-7551
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby prior to 2.0.0-p648, 2.1 prior to 2.1.8, and 2.2 prior to 2.2.4, as distributed in Apple OS X prior to 10.11.4 and other products, mishandles tainting, which allows context-dependent malicious users to execute arbit...
Apple Mac Os X
Ruby-lang Ruby 2.2.0
Ruby-lang Ruby 2.1.4
Ruby-lang Ruby 2.1.3
Ruby-lang Ruby 2.1.0
Ruby-lang Ruby 2.1.7
Ruby-lang Ruby
Ruby-lang Ruby 2.1.1
Ruby-lang Ruby 2.1.6
Ruby-lang Ruby 2.2.3
Ruby-lang Ruby 2.1.2
Ruby-lang Ruby 2.2.1
Ruby-lang Ruby 2.1.5
Ruby-lang Ruby 2.2.2
3 Github repositories
NA
CVE-2015-3900
RubyGems 2.0.x prior to 2.0.16, 2.2.x prior to 2.2.4, and 2.4.x prior to 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote malicious users to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hij...
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 2.2.0
Ruby-lang Ruby 2.1.4
Ruby-lang Ruby 2.1.3
Ruby-lang Ruby 2.1.1
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby 1.9.1
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 1.9
Ruby-lang Ruby 2.1.2
Ruby-lang Ruby 2.1
Ruby-lang Ruby 2.1.5
Rubygems Rubygems 2.4.3
Rubygems Rubygems 2.2.1
Rubygems Rubygems 2.2.2
Rubygems Rubygems 2.0.13
Rubygems Rubygems 2.0.6
Rubygems Rubygems 2.0.15
Rubygems Rubygems 2.0.5
Rubygems Rubygems 2.0.4
Rubygems Rubygems 2.2.0
Rubygems Rubygems 2.4.5
1 Github repository
1 Article
NA
CVE-2014-2734
The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote malicious users to spoof signatures within the context of a Ruby script that attempts signature verification after performing a certain sequence ...
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 2.1.1
Ruby-lang Ruby 2.0
Ruby-lang Ruby 2.1
1 Github repository
NA
CVE-2013-4164
Heap-based buffer overflow in Ruby 1.8, 1.9 prior to 1.9.3-p484, 2.0 prior to 2.0.0-p353, 2.1 prior to 2.1.0 preview2, and trunk before revision 43780 allows context-dependent malicious users to cause a denial of service (segmentation fault) and possibly execute arbitrary code vi...
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby 1.9.1
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 1.9
Ruby-lang Ruby 1.8
Ruby-lang Ruby 2.1
NA
CVE-2013-2065
(1) DL and (2) Fiddle in Ruby 1.9 prior to 1.9.3 patchlevel 426, and 2.0 prior to 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent malicious users to bypass intended $SAFE level restrictions.
Opensuse Opensuse 12.3
Opensuse Opensuse 12.2
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 2.0
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby 1.9.1
Ruby-lang Ruby 1.9
NA
CVE-2013-4363
Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems prior to 1.8.23.2, 1.8.24 up to and including 1.8.26, 2.0.x prior to 2.0.10, and 2.1.x prior to 2.1.5, as used in Ruby 1.9.0 up to and including 2.0.0p247, allows...
Rubygems Rubygems 1.8.24
Rubygems Rubygems 1.8.16
Rubygems Rubygems 2.1.0
Rubygems Rubygems 2.0.0
Rubygems Rubygems 2.0.6
Rubygems Rubygems 1.8.20
Rubygems Rubygems 1.8.0
Rubygems Rubygems 2.0.5
Rubygems Rubygems 2.0.4
Rubygems Rubygems 1.8.8
Rubygems Rubygems 1.8.12
Rubygems Rubygems 1.8.22
Rubygems Rubygems 1.8.17
Rubygems Rubygems 2.1.1
Rubygems Rubygems 1.8.15
Rubygems Rubygems 1.8.5
Rubygems Rubygems 2.1.4
Rubygems Rubygems 1.8.21
Rubygems Rubygems 1.8.2
Rubygems Rubygems 1.8.26
Rubygems Rubygems 1.8.9
Rubygems Rubygems 2.0.3
NA
CVE-2012-4464
Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent malicious users to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerabi...
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 2.0
Ruby-lang Ruby 1.9.3
NA
CVE-2012-4466
Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent malicious users to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a di...
Ruby-lang Ruby 1.8.7
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 2.0
Ruby-lang Ruby 1.9.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »