Vulnerabilities > Ruby Lang > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-29 | CVE-2009-5147 | Improper Input Validation vulnerability in Ruby-Lang Ruby DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names. | 7.5 |
| 2017-01-06 | CVE-2016-2339 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ruby-Lang Ruby 2.2.2/2.3.0 An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. | 7.5 |
| 2017-01-06 | CVE-2016-2337 | Remote Code Execution vulnerability in Ruby TclTkIp 'ip_cancel_eval()' Function Type Confusion Type confusion exists in _cancel_eval Ruby's TclTkIp class method. | 7.5 |
| 2017-01-06 | CVE-2016-2336 | Type Confusion Multiple Remote Code Execution vulnerability in Ruby 2.2.2/2.3.0 Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. | 7.5 |
| 2013-08-29 | CVE-2013-5647 | Code Injection vulnerability in Adam Zaninovich Sounder 1.0.1 lib/sounder/sound.rb in the sounder gem 1.0.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a filename. | 7.5 |
| 2013-03-20 | CVE-2013-1655 | Improper Input Validation vulnerability in multiple products Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes." Per http://www.ubuntu.com/usn/usn-1759-1/ "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10 " | 7.5 |
| 2011-12-30 | CVE-2011-4815 | Improper Input Validation vulnerability in Ruby-Lang Ruby Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. | 7.8 |
| 2010-07-12 | CVE-2010-2489 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ruby-Lang Ruby Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow local users to gain privileges via a crafted ARGF.inplace_mode value that is not properly handled when constructing the filenames of the backup files. | 7.2 |
| 2008-08-13 | CVE-2008-3657 | Improper Input Validation vulnerability in Ruby-Lang Ruby The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen. | 7.5 |
| 2008-08-13 | CVE-2008-3656 | Resource Management Errors vulnerability in Ruby-Lang Ruby Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression. | 7.8 |