Vulnerabilities > Ruby Lang
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-12-15 | CVE-2017-17405 | OS Command Injection vulnerability in multiple products Ruby before 2.4.3 allows Net::FTP command injection. | 8.8 |
2017-09-19 | CVE-2017-14033 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ruby-Lang Ruby The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string. | 7.5 |
2017-09-19 | CVE-2017-10784 | Improper Authentication vulnerability in Ruby-Lang Ruby The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name. | 8.8 |
2017-09-15 | CVE-2017-0898 | Use of Externally-Controlled Format String vulnerability in Ruby-Lang Ruby Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. | 9.1 |
2017-09-06 | CVE-2014-6438 | Resource Management Errors vulnerability in Ruby-Lang Ruby The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string. | 7.5 |
2017-08-31 | CVE-2017-14064 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. | 9.8 |
2017-07-19 | CVE-2017-11465 | Out-of-bounds Write vulnerability in Ruby-Lang Ruby 2.4.1 The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. | 9.8 |
2017-06-12 | CVE-2015-9096 | CRLF Injection vulnerability in Ruby-Lang Ruby Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring. | 6.1 |
2017-05-24 | CVE-2017-9229 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. | 7.5 |
2017-05-24 | CVE-2017-9225 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. | 9.8 |