Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

81 – 90 of 104 results


CVE-2011-1005

Low priority

Some fixes available 4 of 12

The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname.

3 affected packages

ruby1.8, ruby1.9, ruby1.9.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.8
ruby1.9
ruby1.9.1
Show less packages

CVE-2011-1004

Low priority

Some fixes available 3 of 14

The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink attack.

3 affected packages

ruby1.8, ruby1.9, ruby1.9.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.8
ruby1.9
ruby1.9.1
Show less packages

CVE-2010-2489

Unknown priority
Not affected

Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow local users to gain privileges via a crafted ARGF.inplace_mode value that is not properly handled when constructing the filenames of the backup files.

2 affected packages

ruby1.8, ruby1.9.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.8
ruby1.9.1
Show less packages

CVE-2010-0541

Low priority

Some fixes available 2 of 12

Cross-site scripting (XSS) vulnerability in the WEBrick HTTP server in Ruby in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote attackers to inject arbitrary web script or HTML via a crafted URI that triggers a UTF-7...

3 affected packages

ruby1.8, ruby1.9, ruby1.9.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.8
ruby1.9
ruby1.9.1
Show less packages

CVE-2009-4492

Negligible priority

Some fixes available 4 of 12

WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote...

3 affected packages

ruby1.8, ruby1.9, ruby1.9.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.8
ruby1.9
ruby1.9.1
Show less packages

CVE-2009-4124

Medium priority

Some fixes available 4 of 7

Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust,...

3 affected packages

ruby1.8, ruby1.9, ruby1.9.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.8
ruby1.9
ruby1.9.1
Show less packages

CVE-2009-1904

Medium priority

Some fixes available 8 of 10

The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an...

2 affected packages

ruby1.8, ruby1.9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.8
ruby1.9
Show less packages

CVE-2009-0642

Low priority

Some fixes available 6 of 10

ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving...

2 affected packages

ruby1.8, ruby1.9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.8
ruby1.9
Show less packages

CVE-2008-3905

Medium priority

Some fixes available 8 of 12

resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for...

2 affected packages

ruby1.8, ruby1.9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.8
ruby1.9
Show less packages

CVE-2008-3790

Low priority

Some fixes available 8 of 12

The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an...

2 affected packages

ruby1.8, ruby1.9

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.8
ruby1.9
Show less packages