Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ruby-lang ruby 1.9 vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2009-0642
ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote malicious users to successfully present an invalid X.509 certificate, possibly involving a revoked certificate.
Ruby-lang Ruby 1.9
Ruby-lang Ruby 1.8
7.8
CVSSv2
CVE-2008-4310
httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote malicious users to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for CVE-2008-3656.
Ruby-lang Ruby 1.8.5
Ruby-lang Ruby 1.8.1
1 EDB exploit
5.8
CVSSv2
CVE-2008-3905
resolv.rb in Ruby 1.8.5 and previous versions, 1.8.6 prior to 1.8.6-p287, 1.8.7 prior to 1.8.7-p72, and 1.9 r18423 and previous versions uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote malicious users to spoof DNS respo...
Ruby-lang Ruby 1.8.3
Ruby-lang Ruby 1.8.4
Ruby-lang Ruby 1.8.6
Ruby-lang Ruby 1.8.7
Ruby-lang Ruby
Ruby-lang Ruby 1.8.1
Ruby-lang Ruby 1.8.2
Ruby-lang Ruby 1.6.8
Ruby-lang Ruby 1.8.0
Ruby-lang Ruby 1.6
5
CVSSv2
CVE-2008-3790
The REXML module in Ruby 1.8.6 up to and including 1.8.6-p287, 1.8.7 up to and including 1.8.7-p72, and 1.9 allows context-dependent malicious users to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explos...
Ruby-lang Ruby 1.8.6
Ruby-lang Ruby 1.8.7
Ruby-lang Ruby 1.9
1 EDB exploit
5
CVSSv2
CVE-2008-3443
The regular expression engine (regex.c) in Ruby 1.8.5 and previous versions, 1.8.6 up to and including 1.8.6-p286, 1.8.7 up to and including 1.8.7-p71, and 1.9 through r18423 allows remote malicious users to cause a denial of service (infinite loop and crash) via multiple long re...
Ruby-lang Ruby 1.8.1
Ruby-lang Ruby 1.8.2
Ruby-lang Ruby 1.8.4
Ruby-lang Ruby 1.8.5
Ruby-lang Ruby 1.8.6
Ruby-lang Ruby 1.8.7
Ruby-lang Ruby 1.8.0
Ruby-lang Ruby 1.8.3
Ruby-lang Ruby 1.6.8
Ruby-lang Ruby 1.9.0
1 EDB exploit
7.5
CVSSv2
CVE-2008-3655
Ruby 1.8.5 and previous versions, 1.8.6 up to and including 1.8.6-p286, 1.8.7 up to and including 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent malicious users to bypass...
Ruby-lang Ruby 1.8.1
Ruby-lang Ruby 1.8.2
Ruby-lang Ruby 1.8.3
Ruby-lang Ruby 1.8.4
Ruby-lang Ruby 1.8.5
Ruby-lang Ruby 1.8.6
Ruby-lang Ruby 1.8.7
Ruby-lang Ruby 1.6.8
Ruby-lang Ruby 1.9.0
Ruby-lang Ruby
Ruby-lang Ruby 1.8.0
2 EDB exploits
7.8
CVSSv2
CVE-2008-3656
Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and previous versions, 1.8.6 up to and including 1.8.6-p286, 1.8.7 up to and including 1.8.7-p71, and 1.9 through r18423 allows...
Ruby-lang Ruby 1.8.1
Ruby-lang Ruby 1.8.2
Ruby-lang Ruby 1.8.3
Ruby-lang Ruby 1.8.4
Ruby-lang Ruby 1.8.5
Ruby-lang Ruby 1.8.6
Ruby-lang Ruby 1.8.7
Ruby-lang Ruby 1.9.0
Ruby-lang Ruby 1.6.8
Ruby-lang Ruby 1.8.0
Ruby-lang Ruby
1 EDB exploit
7.5
CVSSv2
CVE-2008-3657
The dl module in Ruby 1.8.5 and previous versions, 1.8.6 up to and including 1.8.6-p286, 1.8.7 up to and including 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent malicious users to bypass safe levels and execute da...
Ruby-lang Ruby 1.8.2
Ruby-lang Ruby 1.8.4
Ruby-lang Ruby 1.8.6
Ruby-lang Ruby 1.8.7
Ruby-lang Ruby 1.8.5
Ruby-lang Ruby 1.8.1
Ruby-lang Ruby 1.8.3
Ruby-lang Ruby 1.9.0
Ruby-lang Ruby
Ruby-lang Ruby 1.6.8
Ruby-lang Ruby 1.8.0
1 EDB exploit
5
CVSSv2
CVE-2008-1145
Directory traversal vulnerability in WEBrick in Ruby 1.8 prior to 1.8.5-p115 and 1.8.6-p114, and 1.9 up to and including 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote malicious users to access arbitrary f...
Ruby-lang Webrick -
Fedoraproject Fedora 8
Fedoraproject Fedora 7
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2