Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ruby-lang vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2008-3790
The REXML module in Ruby 1.8.6 up to and including 1.8.6-p287, 1.8.7 up to and including 1.8.7-p72, and 1.9 allows context-dependent malicious users to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explos...
Ruby-lang Ruby 1.8.6
Ruby-lang Ruby 1.8.7
Ruby-lang Ruby 1.9
1 EDB exploit
5
CVSSv2
CVE-2008-3443
The regular expression engine (regex.c) in Ruby 1.8.5 and previous versions, 1.8.6 up to and including 1.8.6-p286, 1.8.7 up to and including 1.8.7-p71, and 1.9 through r18423 allows remote malicious users to cause a denial of service (infinite loop and crash) via multiple long re...
Ruby-lang Ruby 1.8.1
Ruby-lang Ruby 1.8.2
Ruby-lang Ruby 1.8.4
Ruby-lang Ruby 1.8.5
Ruby-lang Ruby 1.8.6
Ruby-lang Ruby 1.8.7
Ruby-lang Ruby 1.8.0
Ruby-lang Ruby 1.8.3
Ruby-lang Ruby 1.6.8
Ruby-lang Ruby 1.9.0
1 EDB exploit
5
CVSSv2
CVE-2008-1891
Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and previous versions, 1.8.5 prior to 1.8.5-p231, 1.8.6 prior to 1.8.6-p230, 1.8.7 prior to 1.8.7-p22, and 1.9.0 prior to 1.9.0-2, when using NTFS or FAT filesystems, allows remote malicious users to read arbitrary CGI fi...
Ruby-lang Ruby 1.8.5
Ruby-lang Ruby 1.8.6
Ruby-lang Ruby
5
CVSSv2
CVE-2008-1145
Directory traversal vulnerability in WEBrick in Ruby 1.8 prior to 1.8.5-p115 and 1.8.6-p114, and 1.9 up to and including 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote malicious users to access arbitrary f...
Ruby-lang Webrick -
Fedoraproject Fedora 8
Fedoraproject Fedora 7
1 EDB exploit
5
CVSSv2
CVE-2007-5770
The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote malici...
Ruby-lang Ruby 1.8.5
Ruby-lang Ruby 1.8.6
4.6
CVSSv2
CVE-2015-7551
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby prior to 2.0.0-p648, 2.1 prior to 2.1.8, and 2.2 prior to 2.2.4, as distributed in Apple OS X prior to 10.11.4 and other products, mishandles tainting, which allows context-dependent malicious users to execute arbit...
Apple Mac Os X
Ruby-lang Ruby 2.1.6
Ruby-lang Ruby 2.1.5
Ruby-lang Ruby 2.2.0
Ruby-lang Ruby 2.1.7
Ruby-lang Ruby
Ruby-lang Ruby 2.2.2
Ruby-lang Ruby 2.2.1
Ruby-lang Ruby 2.1.2
Ruby-lang Ruby 2.1.1
Ruby-lang Ruby 2.1.0
Ruby-lang Ruby 2.2.3
Ruby-lang Ruby 2.1.4
Ruby-lang Ruby 2.1.3
3 Github repositories
4.4
CVSSv2
CVE-2021-31799
In RDoc 3.11 up to and including 6.x prior to 6.3.1, as distributed with Ruby up to and including 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Ruby-lang Rdoc
Oracle Jd Edwards Enterpriseone Tools
4.3
CVSSv2
CVE-2022-28739
There is a buffer over-read in Ruby prior to 2.6.10, 2.7.x prior to 2.7.6, 3.x prior to 3.0.4, and 3.1.x prior to 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.
Ruby-lang Ruby
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Apple Macos
4.3
CVSSv2
CVE-2015-1855
verify_certificate_identity in the OpenSSL extension in Ruby prior to 2.0.0 patchlevel 645, 2.1.x prior to 2.1.6, and 2.2.x prior to 2.2.2 does not properly validate hostnames, which allows remote malicious users to spoof servers via vectors related to (1) multiple wildcards, (1)...
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby
Ruby-lang Trunk
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Puppet Puppet Agent 1.0.0
Puppet Puppet Enterprise
1 Github repository
4.3
CVSSv2
CVE-2015-9096
Net::SMTP in Ruby prior to 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.
Ruby-lang Ruby
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
NEXT »