Vulnerabilities > Ruby Lang > Ruby > 2.3.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-19 | CVE-2017-14033 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ruby-Lang Ruby The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string. | 7.5 |
| 2017-09-19 | CVE-2017-10784 | Improper Authentication vulnerability in Ruby-Lang Ruby The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name. | 8.8 |
| 2017-09-15 | CVE-2017-0898 | Use of Externally-Controlled Format String vulnerability in Ruby-Lang Ruby Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. | 9.1 |
| 2017-08-31 | CVE-2017-14064 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. | 9.8 |
| 2017-01-06 | CVE-2016-2339 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ruby-Lang Ruby 2.2.2/2.3.0 An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. | 9.8 |
| 2017-01-06 | CVE-2016-2337 | Unspecified vulnerability in Ruby-Lang Ruby 2.2.2/2.3.0 Type confusion exists in _cancel_eval Ruby's TclTkIp class method. | 9.8 |
| 2017-01-06 | CVE-2016-2336 | Unspecified vulnerability in Ruby-Lang Ruby 2.2.2/2.3.0 Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. | 9.8 |