CVE-2011-0188
- EPSS 3.03%
- Veröffentlicht 23.03.2011 02:00:06
- Zuletzt bearbeitet 16.06.2026 23:26:58
The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitr...
- EPSS 2.77%
- Veröffentlicht 02.03.2011 20:00:01
- Zuletzt bearbeitet 16.06.2026 23:28:32
The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname.
CVE-2011-1004
- EPSS 0.39%
- Veröffentlicht 02.03.2011 20:00:01
- Zuletzt bearbeitet 16.06.2026 23:28:32
The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink attack.
CVE-2010-2489
- EPSS 0.41%
- Veröffentlicht 12.07.2010 13:27:27
- Zuletzt bearbeitet 16.06.2026 23:20:50
Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow local users to gain privileges via a crafted ARGF.inplace_mode value that is not properly handled when constructing the filenames of the backup files.
- EPSS 3.88%
- Veröffentlicht 11.12.2009 16:30:00
- Zuletzt bearbeitet 16.06.2026 23:13:05
Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rj...
- EPSS 8.38%
- Veröffentlicht 11.06.2009 21:30:00
- Zuletzt bearbeitet 16.06.2026 23:08:19
The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversio...
CVE-2009-0642
- EPSS 2.64%
- Veröffentlicht 20.02.2009 06:47:48
- Zuletzt bearbeitet 16.06.2026 23:05:28
ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificat...
CVE-2008-4310
- EPSS 13.55%
- Veröffentlicht 09.12.2008 00:30:00
- Zuletzt bearbeitet 16.06.2026 22:57:34
httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for...
CVE-2008-3905
- EPSS 2.42%
- Veröffentlicht 04.09.2008 17:41:00
- Zuletzt bearbeitet 16.06.2026 22:56:46
resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS respo...
- EPSS 15.2%
- Veröffentlicht 27.08.2008 20:41:00
- Zuletzt bearbeitet 16.06.2026 22:56:32
The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explosion."