Search CVE reports
61 – 70 of 86 results
CVE-2014-2734
Low priority** DISPUTED ** The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby script that attempts...
4 affected packages
ruby1.8, ruby1.9, ruby1.9.1, ruby2.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby1.8 | — | — | — | — | — |
| ruby1.9 | — | — | — | — | — |
| ruby1.9.1 | — | — | — | — | — |
| ruby2.0 | — | — | — | — | — |
CVE-2013-4164
Medium prioritySome fixes available 10 of 14
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault)...
4 affected packages
ruby1.8, ruby1.9, ruby1.9.1, ruby2.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby1.8 | — | — | — | — | — |
| ruby1.9 | — | — | — | — | — |
| ruby1.9.1 | — | — | — | — | — |
| ruby2.0 | — | — | — | — | — |
CVE-2013-2065
Low prioritySome fixes available 4 of 6
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.
3 affected packages
ruby1.8, ruby1.9.1, ruby2.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby1.8 | — | — | — | — | — |
| ruby1.9.1 | — | — | — | — | — |
| ruby2.0 | — | — | — | — | — |
CVE-2013-4363
Low priorityAlgorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0...
3 affected packages
jruby, ruby1.9.1, rubygems
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jruby | — | — | — | — | — |
| ruby1.9.1 | — | — | — | — | — |
| rubygems | — | — | — | — | — |
CVE-2013-4287
Low priorityAlgorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0...
3 affected packages
jruby, ruby1.9.1, rubygems
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jruby | — | — | — | — | — |
| ruby1.9.1 | — | — | — | — | — |
| rubygems | — | — | — | — | — |
CVE-2013-4073
Medium prioritySome fixes available 6 of 8
The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject...
2 affected packages
ruby1.8, ruby1.9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby1.8 | — | — | — | — | — |
| ruby1.9.1 | — | — | — | — | — |
CVE-2013-1821
Medium prioritySome fixes available 8 of 11
lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.
2 affected packages
ruby1.8, ruby1.9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby1.8 | — | — | — | — | — |
| ruby1.9.1 | — | — | — | — | — |
CVE-2013-0269
Medium prioritySome fixes available 7 of 13
The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON...
2 affected packages
ruby-json, ruby1.9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby-json | — | — | — | — | Not affected |
| ruby1.9.1 | — | — | — | — | Not in release |
CVE-2013-0256
Medium prioritySome fixes available 3 of 14
darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.
4 affected packages
ruby-defaults, ruby1.8, ruby1.9, ruby1.9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby-defaults | — | — | — | — | — |
| ruby1.8 | — | — | — | — | — |
| ruby1.9 | — | — | — | — | — |
| ruby1.9.1 | — | — | — | — | — |
CVE-2012-5371
Low prioritySome fixes available 4 of 7
Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial...
2 affected packages
ruby1.8, ruby1.9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby1.8 | — | — | — | — | — |
| ruby1.9.1 | — | — | — | — | — |