Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ruby-lang vulnerabilities and exploits
(subscribe to this query)
890
VMScore
CVE-2009-4124
Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 prior to 1.9.1-p376 allows context-dependent malicious users to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust. NOTE: some of the...
Ruby-lang Ruby 1.9.1
890
VMScore
CVE-2008-2662
Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and previous versions, 1.8.5 prior to 1.8.5-p231, 1.8.6 prior to 1.8.6-p230, 1.8.7 prior to 1.8.7-p22, and 1.9.0 prior to 1.9.0-2 allow context-dependent malicious users to execute arbitrary code or cause ...
Ruby-lang Ruby
Debian Debian Linux 4.0
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 6.06
Canonical Ubuntu Linux 8.04
890
VMScore
CVE-2008-2663
Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and previous versions, 1.8.5 prior to 1.8.5-p231, 1.8.6 prior to 1.8.6-p230, and 1.8.7 prior to 1.8.7-p22 allow context-dependent malicious users to execute arbitrary code or cause a denial of service via unkno...
Ruby-lang Ruby
Debian Debian Linux 4.0
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 6.06
Canonical Ubuntu Linux 8.04
785
VMScore
CVE-2008-4310
httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote malicious users to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for CVE-2008-3656.
Ruby-lang Ruby 1.8.5
Ruby-lang Ruby 1.8.1
1 EDB exploit
785
VMScore
CVE-2008-3656
Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and previous versions, 1.8.6 up to and including 1.8.6-p286, 1.8.7 up to and including 1.8.7-p71, and 1.9 through r18423 allows...
Ruby-lang Ruby 1.8.1
Ruby-lang Ruby 1.8.2
Ruby-lang Ruby 1.8.3
Ruby-lang Ruby 1.8.4
Ruby-lang Ruby 1.8.5
Ruby-lang Ruby 1.8.6
Ruby-lang Ruby 1.8.7
Ruby-lang Ruby 1.9.0
Ruby-lang Ruby 1.6.8
Ruby-lang Ruby 1.8.0
Ruby-lang Ruby
1 EDB exploit
760
VMScore
CVE-2008-3655
Ruby 1.8.5 and previous versions, 1.8.6 up to and including 1.8.6-p286, 1.8.7 up to and including 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent malicious users to bypass...
Ruby-lang Ruby 1.8.1
Ruby-lang Ruby 1.8.2
Ruby-lang Ruby 1.8.3
Ruby-lang Ruby 1.8.4
Ruby-lang Ruby 1.8.5
Ruby-lang Ruby 1.8.6
Ruby-lang Ruby 1.8.7
Ruby-lang Ruby 1.6.8
Ruby-lang Ruby 1.9.0
Ruby-lang Ruby
Ruby-lang Ruby 1.8.0
2 EDB exploits
755
VMScore
CVE-2009-4492
WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote malicious users to modify a window's title, ...
Ruby-lang Webrick 1.3.1
1 EDB exploit
755
VMScore
CVE-2008-3657
The dl module in Ruby 1.8.5 and previous versions, 1.8.6 up to and including 1.8.6-p286, 1.8.7 up to and including 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent malicious users to bypass safe levels and execute da...
Ruby-lang Ruby 1.8.2
Ruby-lang Ruby 1.8.4
Ruby-lang Ruby 1.8.6
Ruby-lang Ruby 1.8.7
Ruby-lang Ruby 1.8.5
Ruby-lang Ruby 1.8.1
Ruby-lang Ruby 1.8.3
Ruby-lang Ruby 1.9.0
Ruby-lang Ruby
Ruby-lang Ruby 1.6.8
Ruby-lang Ruby 1.8.0
1 EDB exploit
720
VMScore
CVE-2013-4164
Heap-based buffer overflow in Ruby 1.8, 1.9 prior to 1.9.3-p484, 2.0 prior to 2.0.0-p353, 2.1 prior to 2.1.0 preview2, and trunk before revision 43780 allows context-dependent malicious users to cause a denial of service (segmentation fault) and possibly execute arbitrary code vi...
Ruby-lang Ruby 2.1
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 1.9
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 1.9.1
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby 1.8
695
VMScore
CVE-2019-16201
WEBrick::HTTPAuth::DigestAuth in Ruby up to and including 2.4.7, 2.5.x up to and including 2.5.6, and 2.6.x up to and including 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Intern...
Ruby-lang Ruby
Debian Debian Linux 8.0
2 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »