Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ruby-lang ruby 1.9.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-3790
The REXML module in Ruby 1.8.6 up to and including 1.8.6-p287, 1.8.7 up to and including 1.8.7-p72, and 1.9 allows context-dependent malicious users to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explos...
Ruby-lang Ruby 1.8.6
Ruby-lang Ruby 1.8.7
Ruby-lang Ruby 1.9
1 EDB exploit
NA
CVE-2009-0642
ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote malicious users to successfully present an invalid X.509 certificate, possibly involving a revoked certificate.
Ruby-lang Ruby 1.9
Ruby-lang Ruby 1.8
NA
CVE-2009-1904
The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent malicious users to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type...
Ruby-lang Ruby 1.8.7
Ruby-lang Ruby 1.8.6
NA
CVE-2007-5162
The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote malicious users to ...
Ruby-lang Ruby 1.8.5
Ruby-lang Ruby 1.8.6
NA
CVE-2007-5770
The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote malici...
Ruby-lang Ruby 1.8.5
Ruby-lang Ruby 1.8.6
5.3
CVSSv3
CVE-2020-10933
An issue exists in Ruby 2.5.x up to and including 2.5.7, 2.6.x up to and including 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the bu...
Ruby-lang Ruby
Ruby-lang Ruby 2.7.0
Fedoraproject Fedora 31
Debian Debian Linux 10.0
NA
CVE-2008-2376
Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent malicious users to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greate...
Ruby-lang Ruby 1.8.6.230
7.5
CVSSv3
CVE-2019-16201
WEBrick::HTTPAuth::DigestAuth in Ruby up to and including 2.4.7, 2.5.x up to and including 2.5.6, and 2.6.x up to and including 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Intern...
Ruby-lang Ruby
Debian Debian Linux 8.0
2 Github repositories
5.3
CVSSv3
CVE-2019-16254
Ruby up to and including 2.4.7, 2.5.x up to and including 2.5.6, and 2.6.x up to and including 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a he...
Ruby-lang Ruby
Debian Debian Linux 8.0
NA
CVE-2008-1145
Directory traversal vulnerability in WEBrick in Ruby 1.8 prior to 1.8.5-p115 and 1.8.6-p114, and 1.9 up to and including 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote malicious users to access arbitrary f...
Ruby-lang Webrick -
Fedoraproject Fedora 8
Fedoraproject Fedora 7
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »