Search CVE reports
51 – 57 of 57 results
CVE-2014-3916
Negligible priorityThe str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string.
4 affected packages
ruby1.8, ruby1.9.1, ruby2.0, ruby2.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby1.8 | — | — | — | — | — |
| ruby1.9.1 | — | — | — | — | — |
| ruby2.0 | — | — | — | — | — |
| ruby2.1 | — | — | — | — | — |
CVE-2014-8090
Medium prioritySome fixes available 8 of 12
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document...
4 affected packages
ruby1.8, ruby1.9.1, ruby2.0, ruby2.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby1.8 | — | — | — | — | — |
| ruby1.9.1 | — | — | — | — | — |
| ruby2.0 | — | — | — | — | — |
| ruby2.1 | — | — | — | — | — |
CVE-2014-8080
Medium prioritySome fixes available 8 of 13
The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion...
5 affected packages
ruby1.8, ruby1.9, ruby1.9.1, ruby2.0, ruby2.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby1.8 | — | — | — | — | — |
| ruby1.9 | — | — | — | — | — |
| ruby1.9.1 | — | — | — | — | — |
| ruby2.0 | — | — | — | — | — |
| ruby2.1 | — | — | — | — | — |
CVE-2014-4975
Low prioritySome fixes available 7 of 12
Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault)...
5 affected packages
ruby1.8, ruby1.9, ruby1.9.1, ruby2.0, ruby2.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby1.8 | — | — | — | — | — |
| ruby1.9 | — | — | — | — | — |
| ruby1.9.1 | — | — | — | — | — |
| ruby2.0 | — | — | — | — | — |
| ruby2.1 | — | — | — | — | — |
CVE-2014-2734
Low priority** DISPUTED ** The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby script that attempts...
4 affected packages
ruby1.8, ruby1.9, ruby1.9.1, ruby2.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby1.8 | — | — | — | — | — |
| ruby1.9 | — | — | — | — | — |
| ruby1.9.1 | — | — | — | — | — |
| ruby2.0 | — | — | — | — | — |
CVE-2013-4164
Medium prioritySome fixes available 10 of 14
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault)...
4 affected packages
ruby1.8, ruby1.9, ruby1.9.1, ruby2.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby1.8 | — | — | — | — | — |
| ruby1.9 | — | — | — | — | — |
| ruby1.9.1 | — | — | — | — | — |
| ruby2.0 | — | — | — | — | — |
CVE-2013-2065
Low prioritySome fixes available 4 of 6
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.
3 affected packages
ruby1.8, ruby1.9.1, ruby2.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby1.8 | — | — | — | — | — |
| ruby1.9.1 | — | — | — | — | — |
| ruby2.0 | — | — | — | — | — |