ruby-lang ruby 2.2.2 vulnerabilities and exploits
9.8
CVSSv3
CVE-2016-2338
An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In the Psych::Emitter start_document function, the heap buffer "head" is allocated based on the tags array length. Specially constructed object passed as element of tags ar...
Ruby-lang Ruby 2.3.0
Ruby-lang Ruby 2.2.2
Debian Debian Linux 8.0
1 Github repository
9.8
CVSSv3
CVE-2016-2337
Type confusion exists in the _cancel_eval method of Ruby's TclTkIp class. An attacker passing an object of a type other than String as the "retval" argument can cause arbitrary code execution.
Ruby-lang Ruby 2.3.0
Ruby-lang Ruby 2.2.2
9.8
CVSSv3
CVE-2016-2339
An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function of Ruby. In Fiddle::Function.new "initialize", the heap buffer "arg_types" is allocated based on the args array length. Specially construct...
Ruby-lang Ruby 2.3.0
Ruby-lang Ruby 2.2.2
9.8
CVSSv3
CVE-2016-2336
Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. An attacker passing an object of a different type than the one assumed by the developers can cause arbitrary code execution.
Ruby-lang Ruby 2.3.0
Ruby-lang Ruby 2.2.2
8.4
CVSSv3
CVE-2015-7551
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby prior to 2.0.0-p648, 2.1 prior to 2.1.8, and 2.2 prior to 2.2.4, as distributed in Apple OS X prior to 10.11.4 and other products, mishandles tainting, which allows context-dependent malicious users to execute arbit...
Apple Mac Os X
Ruby-lang Ruby 2.2.0
Ruby-lang Ruby 2.1.4
Ruby-lang Ruby 2.1.3
Ruby-lang Ruby 2.1.0
Ruby-lang Ruby 2.1.7
Ruby-lang Ruby
Ruby-lang Ruby 2.1.1
Ruby-lang Ruby 2.1.6
Ruby-lang Ruby 2.2.3
Ruby-lang Ruby 2.1.2
Ruby-lang Ruby 2.2.1
Ruby-lang Ruby 2.1.5
Ruby-lang Ruby 2.2.2
3 Github repositories
5.9
CVSSv3
CVE-2015-1855
verify_certificate_identity in the OpenSSL extension in Ruby prior to 2.0.0 patchlevel 645, 2.1.x prior to 2.1.6, and 2.2.x prior to 2.2.2 does not properly validate hostnames, which allows remote malicious users to spoof servers via vectors related to (1) multiple wildcards, (1)...
Ruby-lang Ruby 2.0.0
Ruby-lang Trunk
Ruby-lang Ruby
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
Puppet Puppet Enterprise
Puppet Puppet Agent 1.0.0
1 Github repository
NA
CVE-2015-3900
RubyGems 2.0.x prior to 2.0.16, 2.2.x prior to 2.2.4, and 2.4.x prior to 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote malicious users to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hij...
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 2.2.0
Ruby-lang Ruby 2.1.4
Ruby-lang Ruby 2.1.3
Ruby-lang Ruby 2.1.1
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby 1.9.1
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 1.9
Ruby-lang Ruby 2.1.2
Ruby-lang Ruby 2.1
Ruby-lang Ruby 2.1.5
Rubygems Rubygems 2.4.3
Rubygems Rubygems 2.2.1
Rubygems Rubygems 2.2.2
Rubygems Rubygems 2.0.13
Rubygems Rubygems 2.0.6
Rubygems Rubygems 2.0.15
Rubygems Rubygems 2.0.5
Rubygems Rubygems 2.0.4
Rubygems Rubygems 2.2.0
Rubygems Rubygems 2.4.5
1 Github repository
1 Article