Search CVE reports
71 – 80 of 86 results
CVE-2012-4522
Medium prioritySome fixes available 2 of 4
The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.
3 affected packages
ruby1.8, ruby1.9, ruby1.9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby1.8 | — | — | — | — | — |
| ruby1.9 | — | — | — | — | — |
| ruby1.9.1 | — | — | — | — | — |
CVE-2012-5380
Medium priority** DISPUTED ** Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the...
2 affected packages
ruby1.8, ruby1.9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby1.8 | — | — | — | — | — |
| ruby1.9.1 | — | — | — | — | — |
CVE-2012-4481
Medium prioritySome fixes available 5 of 7
The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005.
3 affected packages
ruby1.8, ruby1.9, ruby1.9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby1.8 | — | — | — | — | — |
| ruby1.9 | — | — | — | — | — |
| ruby1.9.1 | — | — | — | — | — |
CVE-2012-4466
Medium prioritySome fixes available 7 of 8
Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API...
3 affected packages
ruby1.8, ruby1.9, ruby1.9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby1.8 | — | — | — | — | — |
| ruby1.9 | — | — | — | — | — |
| ruby1.9.1 | — | — | — | — | — |
CVE-2012-4464
Medium prioritySome fixes available 2 of 3
Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks...
3 affected packages
ruby1.8, ruby1.9, ruby1.9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby1.8 | — | — | — | — | — |
| ruby1.9 | — | — | — | — | — |
| ruby1.9.1 | — | — | — | — | — |
CVE-2012-2126
Medium prioritySome fixes available 2 of 22
RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.
3 affected packages
jruby, ruby1.9.1, rubygems
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jruby | Not affected | — | Not affected | Not affected | Not affected |
| ruby1.9.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
| rubygems | Not affected | Not affected | Not in release | Not in release | Not in release |
CVE-2012-2125
Low prioritySome fixes available 2 of 20
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.
3 affected packages
jruby, ruby1.9.1, rubygems
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jruby | Not affected | — | Not affected | Not affected | Not affected |
| ruby1.9.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
| rubygems | Not affected | Not affected | Not in release | Not in release | Not in release |
CVE-2011-4815
Medium prioritySome fixes available 4 of 5
Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted...
3 affected packages
ruby1.8, ruby1.9, ruby1.9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby1.8 | — | — | — | — | — |
| ruby1.9 | — | — | — | — | — |
| ruby1.9.1 | — | — | — | — | — |
CVE-2011-2705
Medium prioritySome fixes available 3 of 9
The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the...
3 affected packages
ruby1.8, ruby1.9, ruby1.9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby1.8 | — | — | — | — | — |
| ruby1.9 | — | — | — | — | — |
| ruby1.9.1 | — | — | — | — | — |
CVE-2011-0188
Low prioritySome fixes available 3 of 14
The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent...
3 affected packages
ruby1.8, ruby1.9, ruby1.9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby1.8 | — | — | — | — | — |
| ruby1.9 | — | — | — | — | — |
| ruby1.9.1 | — | — | — | — | — |