Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ruby-lang ruby 1.8.7 vulnerabilities and exploits
(subscribe to this query)
6.3
CVSSv2
CVE-2011-1004
The FileUtils.remove_entry_secure method in Ruby 1.8.6 up to and including 1.8.6-420, 1.8.7 up to and including 1.8.7-330, 1.8.8dev, 1.9.1 up to and including 1.9.1-430, 1.9.2 up to and including 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink a...
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 1.8.6
Ruby-lang Ruby 1.8.7
Ruby-lang Ruby 1.8.8
Ruby-lang Ruby 1.9.1
5.8
CVSSv2
CVE-2008-3905
resolv.rb in Ruby 1.8.5 and previous versions, 1.8.6 prior to 1.8.6-p287, 1.8.7 prior to 1.8.7-p72, and 1.9 r18423 and previous versions uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote malicious users to spoof DNS respo...
Ruby-lang Ruby 1.8.3
Ruby-lang Ruby 1.8.4
Ruby-lang Ruby 1.8.6
Ruby-lang Ruby 1.8.7
Ruby-lang Ruby
Ruby-lang Ruby 1.8.1
Ruby-lang Ruby 1.8.2
Ruby-lang Ruby 1.6.8
Ruby-lang Ruby 1.8.0
Ruby-lang Ruby 1.6
5
CVSSv2
CVE-2011-3624
Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and previous versions do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote malicious users to inject arbitrary text into log files or bypass inten...
Ruby-lang Ruby 1.8.7
Ruby-lang Ruby 1.9.2
5
CVSSv2
CVE-2012-4466
Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent malicious users to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a di...
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 2.0
Ruby-lang Ruby 1.8.7
5
CVSSv2
CVE-2013-1821
lib/rexml/text.rb in the REXML parser in Ruby prior to 1.9.3-p392 allows remote malicious users to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby
Ruby-lang Ruby 1.9.1
Ruby-lang Ruby 1.9
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 2.0
5
CVSSv2
CVE-2011-2686
Ruby prior to 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent malicious users to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2...
Ruby-lang Ruby 1.8.7-302
Ruby-lang Ruby 1.8.7-249
Ruby-lang Ruby 1.8.7-299
Ruby-lang Ruby
Ruby-lang Ruby 1.8.7
Ruby-lang Ruby 1.8.7-330
Ruby-lang Ruby 1.8.7-160
Ruby-lang Ruby 1.8.7-173
Ruby-lang Ruby 1.8.7-p21
Ruby-lang Ruby 1.8.7-248
5
CVSSv2
CVE-2011-2705
The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby prior to 1.8.7-p352 and 1.9.x prior to 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent malicious users to predict the result string by leveraging knowledge of ran...
Ruby-lang Ruby 1.8.7
Ruby-lang Ruby
Ruby-lang Ruby 1.8.7-p21
Ruby-lang Ruby 1.8.7-173
Ruby-lang Ruby 1.8.7-160
Ruby-lang Ruby 1.8.7-330
Ruby-lang Ruby 1.8.7-249
Ruby-lang Ruby 1.8.7-248
Ruby-lang Ruby 1.8.7-302
Ruby-lang Ruby 1.8.7-299
Ruby-lang Ruby 1.9.1
Ruby-lang Ruby 1.9.0
Ruby-lang Ruby 1.9.0-2
Ruby-lang Ruby 1.9.0-20070709
Ruby-lang Ruby 1.9.0-1
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby 1.9.2-p180
Ruby-lang Ruby 1.9
Ruby-lang Ruby 1.9.0-0
Ruby-lang Ruby 1.9.2-p136
Ruby-lang Ruby 1.9.0-20060415
5
CVSSv2
CVE-2011-1005
The safe-level feature in Ruby 1.8.6 up to and including 1.8.6-420, 1.8.7 up to and including 1.8.7-330, and 1.8.8dev allows context-dependent malicious users to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname.
Ruby-lang Ruby 1.8.7-330
Ruby-lang Ruby 1.8.8
Ruby-lang Ruby 1.8.6-420
Ruby-lang Ruby 1.8.7
Ruby-lang Ruby 1.8.6
5
CVSSv2
CVE-2009-1904
The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent malicious users to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type...
Ruby-lang Ruby 1.8.7
Ruby-lang Ruby 1.8.6
5
CVSSv2
CVE-2008-3790
The REXML module in Ruby 1.8.6 up to and including 1.8.6-p287, 1.8.7 up to and including 1.8.7-p72, and 1.9 allows context-dependent malicious users to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explos...
Ruby-lang Ruby 1.8.6
Ruby-lang Ruby 1.8.7
Ruby-lang Ruby 1.9
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »