Ruby-Lang Ruby: vulnerabilities rated High

DATE  CVE  VULNERABILITY TITLE  RISK (CVSS base score)
Under each entry: description; attack vector and attack complexity; vendors tagged on the record and CWE where one is assigned.
2019-11-26  CVE-2011-4121  Inadequate Encryption Strength vulnerability in Ruby-Lang Ruby  Risk: 7.5
  The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. With e = 1 the private exponent d is also 1, so m^e mod n is m itself: encryption and signing with such a key are identity operations and the private key protects nothing. Any key generated by an affected build has to be regenerated; moving to a fixed build does not repair it.
  Attack vector: network; attack complexity: low. Vendors: ruby-lang. CWE-326.
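An added example, not code from the page or from Ruby's OpenSSL extension: it shows why a public exponent of 1 is fatal, using textbook RSA over a small constructed modulus, and gives the cheap check to run on any key a library hands back. The function names, the toy modulus and the sample messages are this example's own.

```ruby
# Added example (not part of the listing or of Ruby): RSA with e = 1, and a sanity
# check for the public exponent of a generated key.
require 'openssl'

# Textbook RSA operation c = m^e mod n. Integer#pow with a modulus is built in.
def rsa_apply(m, e, n)
  m.pow(e, n)
end

# With e = 1 the private exponent d is 1 too (1 * 1 == 1 mod phi(n)), so both
# "encryption" and "signing" return their input unchanged for every message.
def exponent_one_is_identity?(n, messages)
  messages.all? { |m| rsa_apply(m, 1, n) == m }
end

# A usable RSA public exponent is odd and at least 3; 65537 is the usual choice.
# e <= 1 gives no secrecy at all, and an even e has no inverse mod phi(n), so
# either value means the key is broken, whatever library produced it.
def weak_public_exponent?(e)
  e <= 1 || e.even?
end

# Apply the check to any key object that exposes #e (OpenSSL::PKey::RSA does).
def key_public_exponent_ok?(key)
  !weak_public_exponent?(key.e.to_i)
end

# Constructed demo values: the classic toy modulus n = 61 * 53 = 3233.
TOY_N = 3233
SAMPLE_MESSAGES = [2, 65, 1234, 3232].freeze

if $PROGRAM_NAME == __FILE__
  puts "e = 1 leaves every message unchanged: #{exponent_one_is_identity?(TOY_N, SAMPLE_MESSAGES)}"
  key = OpenSSL::PKey::RSA.new(2048)
  puts "freshly generated key has e = #{key.e}, ok: #{key_public_exponent_ok?(key)}"
end
```

The check only looks at the public exponent, which is all a consumer of a public key can see; it catches this class of generator failure but says nothing about the modulus, so it complements rather than replaces a key-strength policy.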
2018-11-16  CVE-2018-16395  Incorrect equality comparison of OpenSSL::X509::Name objects in Ruby-Lang Ruby  Risk: 7.5
  An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. Comparing two OpenSSL::X509::Name objects with == could return true for names that are not equal, depending on operand order: when the first name is one character longer than the second, or when the second contains a character one less than the character at the same position in the first. A certificate whose subject or issuer name is crafted this way could be accepted as legitimate by code that relies on == and then used in signing or encryption operations.
  Attack vector: network; attack complexity: low. Vendors: ruby-lang, canonical, debian, redhat. CWE: not listed.
2018-04-03  CVE-2018-8780  Path Traversal vulnerability in Ruby-Lang Ruby  Risk: 7.5
  In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not reject NUL bytes in their path argument. The C string handed to the operating system ends at the first NUL, so a path that Ruby-level validation saw as one string (for example, one that appears to stay under an allowed directory) is opened as a shorter, different path, which gives directory traversal. Fixed versions raise ArgumentError on such paths.
  Attack vector: network; attack complexity: low. Vendors: ruby-lang, canonical, debian. CWE-22.
2017-12-20  CVE-2017-17790  Injection vulnerability in Ruby-Lang Ruby  Risk: 7.5
  The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. Kernel#open treats a string beginning with '|' as a command to run through a pipe, so a caller-controlled hosts file name becomes command execution; File.open has no such behaviour and is the right call for a file name.
  Attack vector: network; attack complexity: low. Vendors: ruby-lang. CWE-74.
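An added example, not code from the page or from Ruby's standard library, covering the two entries above together: the NUL-byte path problem behind the Dir entry (CVE-2018-8780) and the Kernel#open pipe problem behind the resolv.rb entry (CVE-2017-17790). It shows one hardened route from an untrusted string to a file system call. The function names, the validation rules and the temporary fixture layout are this example's own.

```ruby
# Added example (not part of the listing or of Ruby): validating an untrusted name
# before it reaches Dir or File, and avoiding Kernel#open for file names.
require 'tmpdir'
require 'fileutils'

# Reject what the underlying C APIs would silently reinterpret. A NUL byte ends the
# C string early, so the path Ruby-level checks saw is not the path that gets opened;
# a leading '|' turns Kernel#open into a shell pipe. Current Rubies raise on the NUL
# themselves, but checking here keeps the failure at the trust boundary.
def validate_untrusted_name(name)
  raise ArgumentError, "NUL byte in name" if name.include?("\0")
  raise ArgumentError, "name starts with a pipe" if name.start_with?("|")
  name
end

# Resolve and confine: the final absolute path must stay inside base, which also
# defeats "../" sequences and absolute paths supplied by the caller.
def confined_path(base, untrusted)
  validate_untrusted_name(untrusted)
  full = File.expand_path(untrusted, base)
  root = File.expand_path(base)
  unless full == root || full.start_with?(root + File::SEPARATOR)
    raise ArgumentError, "path escapes #{root}"
  end
  full
end

# Safe directory listing for a caller-supplied subdirectory name.
def list_entries_safe(base, untrusted_subdir)
  Dir.entries(confined_path(base, untrusted_subdir)).sort - %w[. ..]
end

# The resolv.rb mistake: Kernel#open runs a command when the name starts with '|'.
# Kept here only to show the shape; do not call it with untrusted input.
def read_hosts_insecure(name)
  open(name, &:read)          # "|id" would execute id and return its output
end

# Hardened: File.open never interprets '|', and the name is validated and confined.
def read_hosts_safe(base, name)
  File.open(confined_path(base, name), "r", &:read)
end

# Constructed fixture: a temporary base directory with etc/hosts inside it.
def with_fixture
  Dir.mktmpdir do |base|
    FileUtils.mkdir_p(File.join(base, "etc"))
    File.write(File.join(base, "etc", "hosts"), "127.0.0.1 localhost\n")
    yield base
  end
end

if $PROGRAM_NAME == __FILE__
  with_fixture do |base|
    puts list_entries_safe(base, "etc").inspect
    puts read_hosts_safe(base, "etc/hosts")
    ["etc\0/../..", "|id", "../../etc/passwd"].each do |bad|
      begin
        read_hosts_safe(base, bad)
      rescue ArgumentError => e
        puts "rejected #{bad.inspect}: #{e.message}"
      end
    end
  end
end
```

The confinement check compares expanded paths rather than the raw string, so it does not matter how the traversal is spelled; the NUL and pipe checks run first because those two bytes change which API behaviour the rest of the string gets.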
2017-08-31  CVE-2017-14064  Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ruby-Lang Ruby  Risk: 7.5
  Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The generator (ext/json/generator/generator.c) copied a caller-supplied option string with strdup, which stops at the first NUL byte, so the copy is shorter than the length recorded alongside it; the generator then emitted heap memory beyond the copy into the JSON output. This is a heap disclosure, not code execution, and it requires an attacker-influenced string reaching the generator's options.
  Attack vector: network; attack complexity: low. Vendors: ruby-lang, debian, canonical, redhat. CWE-119.
2017-07-19  CVE-2017-11465  Out-of-bounds Read vulnerability in Ruby-Lang Ruby 2.4.1  Risk: 7.5
  The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. The trigger is malformed Ruby source, so it matters where untrusted code is parsed or evaluated rather than for ordinary applications running their own scripts.
  Attack vector: network; attack complexity: low. Vendors: ruby-lang. CWE-125.
2017-05-24  CVE-2017-9225  Out-of-bounds Write vulnerability in multiple products  Risk: 7.5
  An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5: an out-of-bounds write reachable through a crafted regular expression. It concerns any Ruby or PHP code that compiles or matches attacker-supplied patterns, and the fix ships with the language runtime rather than as a separate library update.
  Attack vector: network; attack complexity: low. Vendors: oniguruma-project, php, ruby-lang. CWE-787.
2017-03-29  CVE-2009-5147  Improper Input Validation vulnerability in Ruby-Lang Ruby  Risk: 7.5
  DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names, even when $SAFE > 0, so the taint check that the safe level was meant to enforce did not stop an attacker-controlled library path from being loaded.
  Attack vector: network; attack complexity: low. Vendors: ruby-lang. CWE-20.
2017-01-06  CVE-2016-2339  Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ruby-Lang Ruby 2.2.2/2.3.0  Risk: 7.5
  An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. The heap buffer for the argument types (arg_types) is allocated from the length of the args array; a specially constructed object passed as an element of that array can grow the array after the allocation, while the elements are converted, and the subsequent writes overflow the buffer.
  Attack vector: network; attack complexity: low. Vendors: ruby-lang. CWE-119.
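An added example, not from the page or from Ruby's fiddle extension, reproducing the bug class behind the entry above in plain Ruby: a buffer is sized from args.length before each element is converted through a caller-controllable hook (to_int here), and the hook grows the array after the size was fixed. The class and function names are this example's own; in the real bug the buffer was C heap memory and the write was a heap overflow rather than the detected condition modelled here.

```ruby
# Added example (not part of the listing or of Ruby): length-then-convert ordering
# lets a conversion hook change the count between measurement and write.

# An element whose integer conversion appends to the very array it sits in.
class GrowsItsArray
  def initialize(arr)
    @arr = arr
  end

  def to_int            # Kernel#Integer calls this for non-String objects
    @arr << 0xFF
    1
  end
end

# Vulnerable shape: the size is read once, then conversions run while writing.
# Returns :overflow at the point where the C code would write past the allocation.
def pack_arg_types_unsafe(args)
  n = args.length                        # allocation size decided here
  buffer = Array.new(n)                  # stands in for the fixed-size C buffer
  args.each_with_index do |arg, i|
    value = Integer(arg)                 # hook runs here and may extend args
    return :overflow if i >= n           # out-of-bounds write in the C original
    buffer[i] = value
  end
  buffer
end

# Hardened shape: run every conversion first on a private copy, then size the
# buffer from what actually came back. A hook can no longer change the count
# between measurement and write, and the array being iterated is not the
# caller's object.
def pack_arg_types_safe(args)
  converted = args.dup.map { |arg| Integer(arg) }
  buffer = Array.new(converted.length)
  converted.each_with_index { |value, i| buffer[i] = value }
  buffer
end

# Constructed attacker input: two ordinary values followed by the hostile element.
def hostile_args
  args = [1, 2]
  args << GrowsItsArray.new(args)
end

if $PROGRAM_NAME == __FILE__
  puts "unsafe: #{pack_arg_types_unsafe(hostile_args).inspect}"   # :overflow
  puts "safe:   #{pack_arg_types_safe(hostile_args).inspect}"     # [1, 2, 1]
end
```

The same ordering rule applies to any C extension that takes a Ruby array and sizes native storage from it: every implicit conversion (to_int, to_str, to_ary) is a call back into attacker-influenced Ruby code, so lengths and pointers read before those calls must not be trusted after them.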
2017-01-06  CVE-2016-2337  Type Confusion vulnerability in Ruby-Lang Ruby TclTkIp ip_cancel_eval() leading to Remote Code Execution  Risk: 7.5
  Type confusion exists in the _cancel_eval method of Ruby's TclTkIp class. Passing an object of a type other than String as the "retval" argument, which the method treats as a String, can lead to arbitrary code execution.
  Attack vector: network; attack complexity: low. Vendors: ruby-lang. CWE: not listed.