Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ruby vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-5380
Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Ruby193\bin directory, which may be added to the PATH system enviro...
Ruby-lang Ruby 1.9.3
1 EDB exploit
NA
CVE-2012-4481
The safe-level feature in Ruby 1.8.7 allows context-dependent malicious users to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005.
Ruby-lang Ruby 1.8.7
7.8
CVSSv3
CVE-2018-1000201
ruby-ffi version 1.9.23 and previous versions has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have been fixed in v1.9.24 and later.
Ruby-ffi Project Ruby-ffi
9.8
CVSSv3
CVE-2017-11465
The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows malicious users to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might h...
Ruby-lang Ruby 2.4.1
NA
CVE-2009-4124
Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 prior to 1.9.1-p376 allows context-dependent malicious users to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust. NOTE: some of the...
Ruby-lang Ruby 1.9.1
NA
CVE-2008-2376
Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent malicious users to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greate...
Ruby-lang Ruby 1.8.6.230
7.5
CVSSv3
CVE-2017-6181
The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote malicious users to cause a denial of service (deep recursion and application crash) via a crafted regular expression.
Ruby-lang Ruby 2.4.0
NA
CVE-2006-3694
Multiple unspecified vulnerabilities in Ruby prior to 1.8.5 allow remote malicious users to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".
Yukihiro Matsumoto Ruby 1.8.2
Yukihiro Matsumoto Ruby 1.8.3
Yukihiro Matsumoto Ruby 1.8.4
7.5
CVSSv3
CVE-2020-25613
An issue exists in Ruby up to and including 2.5.8, 2.6.x up to and including 2.6.6, and 2.7.x up to and including 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue ...
Ruby-lang Ruby
Ruby-lang Webrick
Fedoraproject Fedora 32
Fedoraproject Fedora 33
7.5
CVSSv3
CVE-2022-24795
yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may...
Yajl-ruby Project Yajl-ruby
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »