Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ruby-lang vulnerabilities and exploits
(subscribe to this query)
694
VMScore
CVE-2011-4815
Ruby (aka CRuby) prior to 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent malicious users to cause a denial of service (CPU consumption) via crafted input to an application that maintains a has...
Ruby-lang Ruby 1.8.7-p334
Ruby-lang Ruby 1.8.7-p330
Ruby-lang Ruby 1.8.7-p302
Ruby-lang Ruby 1.8.7-p299
Ruby-lang Ruby
694
VMScore
CVE-2008-2725
Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and previous versions, 1.8.5 prior to 1.8.5-p231, 1.8.6 prior to 1.8.6-p230, and 1.8.7 prior to 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent malicious users to trigger memory corr...
Ruby-lang Ruby
Debian Debian Linux 4.0
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 6.06
694
VMScore
CVE-2008-2726
Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and previous versions, 1.8.5 prior to 1.8.5-p231, 1.8.6 prior to 1.8.6-p230, 1.8.7 prior to 1.8.7-p22, and 1.9.0 prior to 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent malicious user...
Ruby-lang Ruby
Debian Debian Linux 4.0
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 6.06
694
VMScore
CVE-2008-2664
The rb_str_format function in Ruby 1.8.4 and previous versions, 1.8.5 prior to 1.8.5-p231, 1.8.6 prior to 1.8.6-p230, 1.8.7 prior to 1.8.7-p22, and 1.9.0 prior to 1.9.0-2 allows context-dependent malicious users to trigger memory corruption via unspecified vectors related to allo...
Ruby-lang Ruby
Debian Debian Linux 4.0
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 6.06
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 8.04
668
VMScore
CVE-2022-28738
A double free was found in the Regexp compiler in Ruby 3.x prior to 3.0.4 and 3.1.x prior to 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.
Ruby-lang Ruby
668
VMScore
CVE-2021-41816
CGI.escape_html in Ruby prior to 2.7.5 and 3.x prior to 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem prior to 0.3.1 for Ruby.
Ruby-lang Cgi
Fedoraproject Fedora 34
Fedoraproject Fedora 35
668
VMScore
CVE-2011-4121
The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on stron...
Ruby-lang Ruby
668
VMScore
CVE-2017-11465
The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows malicious users to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might h...
Ruby-lang Ruby 2.4.1
668
VMScore
CVE-2017-9225
An issue exists in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby up to and including 2.4.1 and mbstring in PHP up to and including 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFF...
Oniguruma Project Oniguruma 6.2.0
Php Php
Ruby-lang Ruby
668
VMScore
CVE-2009-5147
DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 prior to 2.1.8 opens libraries with tainted names.
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 1.8.0
Ruby-lang Ruby 2.1.6
Ruby-lang Ruby 2.1.7
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby 1.9.0
Ruby-lang Ruby 2.1.3
Ruby-lang Ruby 2.1.4
Ruby-lang Ruby 2.1.0
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 2.1.2
Ruby-lang Ruby 2.1.5
Ruby-lang Ruby 2.1.1
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »