Vulnerabilities > Ruby Lang > Ruby > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-09-29 CVE-2016-2338 Out-of-bounds Write vulnerability in multiple products
An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby.
network
low complexity
ruby-lang debian CWE-787
critical
9.8
2022-05-09 CVE-2022-28738 Double Free vulnerability in Ruby-Lang Ruby
A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2.
network
low complexity
ruby-lang CWE-415
critical
9.8
2017-12-15 CVE-2017-17405 OS Command Injection vulnerability in multiple products
Ruby before 2.4.3 allows Net::FTP command injection.
network
ruby-lang debian redhat CWE-78
critical
9.3
2017-09-19 CVE-2017-10784 Improper Authentication vulnerability in Ruby-Lang Ruby
The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.
network
ruby-lang CWE-287
critical
9.3
2013-04-25 CVE-2013-1933 OS Command Injection vulnerability in Documentcloud Karteek-Docsplit 0.5.4
The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename.
network
documentcloud ruby-lang CWE-78
critical
9.3
2013-04-25 CVE-2013-1947 OS Command Injection vulnerability in Kelly D. Redding Kelredd-Pruview 0.3.8
kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to (1) document.rb, (2) video.rb, or (3) video_image.rb.
network
kelly-d-redding ruby-lang CWE-78
critical
9.3
2013-04-25 CVE-2013-1948 Remote Command Injection vulnerability in ROB Westgeest Md2Pdf 0.0.1
converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.
network
low complexity
rob-westgeest ruby-lang
critical
10.0
2009-12-11 CVE-2009-4124 Buffer Errors vulnerability in Ruby-Lang Ruby 1.9.1
Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust.
network
low complexity
ruby-lang CWE-119
critical
10.0
2008-06-24 CVE-2008-2662 Numeric Errors vulnerability in multiple products
Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725.
network
low complexity
ruby-lang debian canonical CWE-189
critical
10.0
2008-06-24 CVE-2008-2663 Integer Overflow OR Wraparound vulnerability in multiple products
Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725.
network
low complexity
ruby-lang debian canonical CWE-190
critical
10.0