Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

71 – 80 of 104 results


CVE-2012-4522

Medium priority

Some fixes available 2 of 4

The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.

3 affected packages

ruby1.8, ruby1.9, ruby1.9.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.8
ruby1.9
ruby1.9.1
Show less packages

CVE-2012-5380

Medium priority
Ignored

** DISPUTED ** Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the...

2 affected packages

ruby1.8, ruby1.9.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.8
ruby1.9.1
Show less packages

CVE-2012-4481

Medium priority

Some fixes available 5 of 7

The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005.

3 affected packages

ruby1.8, ruby1.9, ruby1.9.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.8
ruby1.9
ruby1.9.1
Show less packages

CVE-2012-4466

Medium priority

Some fixes available 7 of 8

Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API...

3 affected packages

ruby1.8, ruby1.9, ruby1.9.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.8
ruby1.9
ruby1.9.1
Show less packages

CVE-2012-4464

Medium priority

Some fixes available 2 of 3

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks...

3 affected packages

ruby1.8, ruby1.9, ruby1.9.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.8
ruby1.9
ruby1.9.1
Show less packages

CVE-2012-2126

Medium priority

Some fixes available 2 of 22

RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.

3 affected packages

jruby, ruby1.9.1, rubygems

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jruby Not affected Not affected Not affected Not affected
ruby1.9.1 Not in release Not in release Not in release Not in release Not in release
rubygems Not affected Not affected Not in release Not in release Not in release
Show less packages

CVE-2012-2125

Low priority

Some fixes available 2 of 20

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.

3 affected packages

jruby, ruby1.9.1, rubygems

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jruby Not affected Not affected Not affected Not affected
ruby1.9.1 Not in release Not in release Not in release Not in release Not in release
rubygems Not affected Not affected Not in release Not in release Not in release
Show less packages

CVE-2011-4815

Medium priority

Some fixes available 4 of 5

Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted...

3 affected packages

ruby1.8, ruby1.9, ruby1.9.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.8
ruby1.9
ruby1.9.1
Show less packages

CVE-2011-2705

Medium priority

Some fixes available 3 of 9

The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the...

3 affected packages

ruby1.8, ruby1.9, ruby1.9.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.8
ruby1.9
ruby1.9.1
Show less packages

CVE-2011-0188

Low priority

Some fixes available 3 of 14

The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent...

3 affected packages

ruby1.8, ruby1.9, ruby1.9.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.8
ruby1.9
ruby1.9.1
Show less packages