Search CVE reports
31 – 40 of 62 results
CVE-2011-1005
Low prioritySome fixes available 4 of 12
The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname.
3 affected packages
ruby1.8, ruby1.9, ruby1.9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby1.8 | — | — | — | — | — |
| ruby1.9 | — | — | — | — | — |
| ruby1.9.1 | — | — | — | — | — |
CVE-2011-1004
Low prioritySome fixes available 3 of 14
The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink attack.
3 affected packages
ruby1.8, ruby1.9, ruby1.9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby1.8 | — | — | — | — | — |
| ruby1.9 | — | — | — | — | — |
| ruby1.9.1 | — | — | — | — | — |
CVE-2010-2489
Unknown priorityBuffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow local users to gain privileges via a crafted ARGF.inplace_mode value that is not properly handled when constructing the filenames of the backup files.
2 affected packages
ruby1.8, ruby1.9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby1.8 | — | — | — | — | — |
| ruby1.9.1 | — | — | — | — | — |
CVE-2010-0541
Low prioritySome fixes available 2 of 12
Cross-site scripting (XSS) vulnerability in the WEBrick HTTP server in Ruby in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote attackers to inject arbitrary web script or HTML via a crafted URI that triggers a UTF-7...
3 affected packages
ruby1.8, ruby1.9, ruby1.9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby1.8 | — | — | — | — | — |
| ruby1.9 | — | — | — | — | — |
| ruby1.9.1 | — | — | — | — | — |
CVE-2009-4492
Negligible prioritySome fixes available 4 of 12
WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote...
3 affected packages
ruby1.8, ruby1.9, ruby1.9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby1.8 | — | — | — | — | — |
| ruby1.9 | — | — | — | — | — |
| ruby1.9.1 | — | — | — | — | — |
CVE-2009-4124
Medium prioritySome fixes available 4 of 7
Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust,...
3 affected packages
ruby1.8, ruby1.9, ruby1.9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby1.8 | — | — | — | — | — |
| ruby1.9 | — | — | — | — | — |
| ruby1.9.1 | — | — | — | — | — |
CVE-2009-1904
Medium prioritySome fixes available 8 of 10
The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an...
2 affected packages
ruby1.8, ruby1.9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby1.8 | — | — | — | — | — |
| ruby1.9 | — | — | — | — | — |
CVE-2009-0642
Low prioritySome fixes available 6 of 10
ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving...
2 affected packages
ruby1.8, ruby1.9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby1.8 | — | — | — | — | — |
| ruby1.9 | — | — | — | — | — |
CVE-2008-3905
Medium prioritySome fixes available 8 of 12
resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for...
2 affected packages
ruby1.8, ruby1.9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby1.8 | — | — | — | — | — |
| ruby1.9 | — | — | — | — | — |
CVE-2008-3790
Low prioritySome fixes available 8 of 12
The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an...
2 affected packages
ruby1.8, ruby1.9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby1.8 | — | — | — | — | — |
| ruby1.9 | — | — | — | — | — |