Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ruby vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2008-3655
Ruby 1.8.5 and previous versions, 1.8.6 up to and including 1.8.6-p286, 1.8.7 up to and including 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent malicious users to bypass...
Ruby-lang Ruby 1.8.3
Ruby-lang Ruby 1.8.2
Ruby-lang Ruby 1.8.4
Ruby-lang Ruby 1.8.1
Ruby-lang Ruby 1.8.7
Ruby-lang Ruby 1.9.0
Ruby-lang Ruby 1.8.6
Ruby-lang Ruby 1.8.5
Ruby-lang Ruby
Ruby-lang Ruby 1.8.0
Ruby-lang Ruby 1.6.8
2 EDB exploits
7.8
CVSSv2
CVE-2008-3656
Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and previous versions, 1.8.6 up to and including 1.8.6-p286, 1.8.7 up to and including 1.8.7-p71, and 1.9 through r18423 allows...
Ruby-lang Ruby 1.8.3
Ruby-lang Ruby 1.8.2
Ruby-lang Ruby 1.8.4
Ruby-lang Ruby 1.8.1
Ruby-lang Ruby 1.8.7
Ruby-lang Ruby 1.9.0
Ruby-lang Ruby 1.8.6
Ruby-lang Ruby 1.8.5
Ruby-lang Ruby
Ruby-lang Ruby 1.8.0
Ruby-lang Ruby 1.6.8
1 EDB exploit
7.5
CVSSv2
CVE-2008-3657
The dl module in Ruby 1.8.5 and previous versions, 1.8.6 up to and including 1.8.6-p286, 1.8.7 up to and including 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent malicious users to bypass safe levels and execute da...
Ruby-lang Ruby 1.8.3
Ruby-lang Ruby 1.8.2
Ruby-lang Ruby 1.8.4
Ruby-lang Ruby 1.8.1
Ruby-lang Ruby 1.8.7
Ruby-lang Ruby 1.9.0
Ruby-lang Ruby 1.8.6
Ruby-lang Ruby 1.8.5
Ruby-lang Ruby
Ruby-lang Ruby 1.8.0
Ruby-lang Ruby 1.6.8
1 EDB exploit
7.5
CVSSv2
CVE-2009-5147
DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 prior to 2.1.8 opens libraries with tainted names.
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 2.1.4
Ruby-lang Ruby 1.9.0
Ruby-lang Ruby 2.1.3
Ruby-lang Ruby 2.1.0
Ruby-lang Ruby 2.1.7
Ruby-lang Ruby 2.1.1
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby 2.1.6
Ruby-lang Ruby 1.8.0
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 2.1.2
Ruby-lang Ruby 2.1.5
1 Github repository
5.8
CVSSv2
CVE-2008-3905
resolv.rb in Ruby 1.8.5 and previous versions, 1.8.6 prior to 1.8.6-p287, 1.8.7 prior to 1.8.7-p72, and 1.9 r18423 and previous versions uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote malicious users to spoof DNS respo...
Ruby-lang Ruby 1.8.7
Ruby-lang Ruby 1.8.6
Ruby-lang Ruby
Ruby-lang Ruby 1.8.4
Ruby-lang Ruby 1.8.3
Ruby-lang Ruby 1.8.2
Ruby-lang Ruby 1.8.1
Ruby-lang Ruby 1.8.0
Ruby-lang Ruby 1.6.8
Ruby-lang Ruby 1.6
4.6
CVSSv2
CVE-2015-7551
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby prior to 2.0.0-p648, 2.1 prior to 2.1.8, and 2.2 prior to 2.2.4, as distributed in Apple OS X prior to 10.11.4 and other products, mishandles tainting, which allows context-dependent malicious users to execute arbit...
Apple Mac Os X
Ruby-lang Ruby 2.2.0
Ruby-lang Ruby 2.1.4
Ruby-lang Ruby 2.1.3
Ruby-lang Ruby 2.1.0
Ruby-lang Ruby 2.1.7
Ruby-lang Ruby
Ruby-lang Ruby 2.1.1
Ruby-lang Ruby 2.1.6
Ruby-lang Ruby 2.2.3
Ruby-lang Ruby 2.1.2
Ruby-lang Ruby 2.2.1
Ruby-lang Ruby 2.1.5
Ruby-lang Ruby 2.2.2
3 Github repositories
5
CVSSv2
CVE-2008-3443
The regular expression engine (regex.c) in Ruby 1.8.5 and previous versions, 1.8.6 up to and including 1.8.6-p286, 1.8.7 up to and including 1.8.7-p71, and 1.9 through r18423 allows remote malicious users to cause a denial of service (infinite loop and crash) via multiple long re...
Ruby-lang Ruby 1.8.3
Ruby-lang Ruby 1.8.2
Ruby-lang Ruby 1.8.4
Ruby-lang Ruby 1.8.1
Ruby-lang Ruby 1.8.7
Ruby-lang Ruby 1.9.0
Ruby-lang Ruby 1.8.6
Ruby-lang Ruby 1.8.5
Ruby-lang Ruby 1.8.0
Ruby-lang Ruby 1.6.8
1 EDB exploit
5
CVSSv2
CVE-2011-2705
The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby prior to 1.8.7-p352 and 1.9.x prior to 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent malicious users to predict the result string by leveraging knowledge of ran...
Ruby-lang Ruby 1.8.7-302
Ruby-lang Ruby 1.8.7-249
Ruby-lang Ruby 1.8.7-299
Ruby-lang Ruby
Ruby-lang Ruby 1.8.7
Ruby-lang Ruby 1.8.7-330
Ruby-lang Ruby 1.8.7-160
Ruby-lang Ruby 1.8.7-173
Ruby-lang Ruby 1.8.7-p21
Ruby-lang Ruby 1.8.7-248
Ruby-lang Ruby 1.9.0-0
Ruby-lang Ruby 1.9.1
Ruby-lang Ruby 1.9.0
Ruby-lang Ruby 1.9.0-1
Ruby-lang Ruby 1.9.0-20070709
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby 1.9.0-20060415
Ruby-lang Ruby 1.9
Ruby-lang Ruby 1.9.0-2
Ruby-lang Ruby 1.9.2-p180
Ruby-lang Ruby 1.9.2-p136
5
CVSSv2
CVE-2013-1821
lib/rexml/text.rb in the REXML parser in Ruby prior to 1.9.3-p392 allows remote malicious users to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby 1.9.1
Ruby-lang Ruby 1.9
Ruby-lang Ruby
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 2.0
6.8
CVSSv2
CVE-2011-0188
The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and previous versions, as used on Apple Mac OS X prior to 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent malicious users to execute arbitrary code or ...
Ruby-lang Ruby
Ruby-lang Ruby 1.9
Ruby-lang Ruby 1.9.0
Ruby-lang Ruby 1.9.0-0
Ruby-lang Ruby 1.9.0-1
Ruby-lang Ruby 1.9.0-2
Ruby-lang Ruby 1.9.0-20060415
Ruby-lang Ruby 1.9.0-20070709
Ruby-lang Ruby 1.9.1
Ruby-lang Ruby 1.9.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30065
CVE-2024-5843
CVE-2024-30080
code execution
CVE-2024-4577
CVE-2024-26169
wireless
remote code execution
CVE-2024-36103
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »