Vulnerabilities > Ruby Lang > Ruby > 1.9.2.180
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-03 | CVE-2018-8780 | Path Traversal vulnerability in Ruby-Lang Ruby In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. | 7.5 |
| 2017-09-19 | CVE-2017-10784 | Improper Authentication vulnerability in Ruby-Lang Ruby The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name. | 9.3 |
| 2017-08-31 | CVE-2017-14064 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ruby-Lang Ruby Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. | 7.5 |
| 2016-03-24 | CVE-2015-7551 | Improper Input Validation vulnerability in multiple products The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. | 4.6 |
| 2014-11-15 | CVE-2014-4975 | Buffer Errors vulnerability in Ruby-Lang Ruby Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow. | 5.0 |