Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ruby-lang ruby vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-2734
The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote malicious users to spoof signatures within the context of a Ruby script that attempts signature verification after performing a certain sequence ...
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 2.1.1
Ruby-lang Ruby 2.0
Ruby-lang Ruby 2.1
1 Github repository
NA
CVE-2013-4164
Heap-based buffer overflow in Ruby 1.8, 1.9 prior to 1.9.3-p484, 2.0 prior to 2.0.0-p353, 2.1 prior to 2.1.0 preview2, and trunk before revision 43780 allows context-dependent malicious users to cause a denial of service (segmentation fault) and possibly execute arbitrary code vi...
Ruby-lang Ruby 2.1
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 1.9
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 1.9.1
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby 1.8
NA
CVE-2013-2065
(1) DL and (2) Fiddle in Ruby 1.9 prior to 1.9.3 patchlevel 426, and 2.0 prior to 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent malicious users to bypass intended $SAFE level restrictions.
Opensuse Opensuse 12.2
Opensuse Opensuse 12.3
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 1.9.1
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby 1.9
Ruby-lang Ruby 2.0
NA
CVE-2013-4363
Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems prior to 1.8.23.2, 1.8.24 up to and including 1.8.26, 2.0.x prior to 2.0.10, and 2.1.x prior to 2.1.5, as used in Ruby 1.9.0 up to and including 2.0.0p247, allows...
Rubygems Rubygems 2.1.4
Rubygems Rubygems
Rubygems Rubygems 2.0.2
Rubygems Rubygems 2.0.3
Rubygems Rubygems 1.8.24
Rubygems Rubygems 1.8.25
Rubygems Rubygems 1.8.13
Rubygems Rubygems 1.8.14
Rubygems Rubygems 1.8.21
Rubygems Rubygems 1.8.22
Rubygems Rubygems 1.8.9
Rubygems Rubygems 2.1.0
Rubygems Rubygems 2.0.0
Rubygems Rubygems 2.0.4
Rubygems Rubygems 2.0.5
Rubygems Rubygems 1.8.26
Rubygems Rubygems 1.8.0
Rubygems Rubygems 1.8.15
Rubygems Rubygems 1.8.16
Rubygems Rubygems 1.8.17
Rubygems Rubygems 1.8.3
Rubygems Rubygems 1.8.4
NA
CVE-2012-4481
The safe-level feature in Ruby 1.8.7 allows context-dependent malicious users to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005.
Ruby-lang Ruby 1.8.7
NA
CVE-2012-4464
Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent malicious users to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerabi...
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 2.0
Ruby-lang Ruby 1.9.3
NA
CVE-2012-4466
Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent malicious users to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a di...
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 2.0
Ruby-lang Ruby 1.8.7
NA
CVE-2013-1821
lib/rexml/text.rb in the REXML parser in Ruby prior to 1.9.3-p392 allows remote malicious users to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby
Ruby-lang Ruby 1.9.1
Ruby-lang Ruby 1.9
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 2.0
NA
CVE-2013-0256
darkfish.js in RDoc 2.3.0 up to and including 3.12 and 4.x prior to 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via a crafted URL.
Ruby-lang Rdoc
Ruby-lang Rdoc 4.0.0
Ruby-lang Ruby 1.9
Ruby-lang Ruby 1.9.1
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 2.0
Ruby-lang Ruby 2.0.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 12.10
NA
CVE-2012-5371
Ruby (aka CRuby) 1.9 prior to 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent malicious users to cause a denial of service (CPU consumption) via crafted input to ...
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 2.0
Ruby-lang Ruby
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby 1.9
Ruby-lang Ruby 1.9.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »