Vulnerabilities (CVE)

Filtered by vendor Ruby-lang Subscribe
Total 117 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-9096 1 Ruby-lang 1 Ruby 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.
CVE-2015-7551 2 Apple, Ruby-lang 2 Mac Os X, Ruby 2024-11-21 4.6 MEDIUM 8.4 HIGH
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression.
CVE-2015-3900 4 Oracle, Redhat, Ruby-lang and 1 more 4 Solaris, Enterprise Linux, Ruby and 1 more 2024-11-21 5.0 MEDIUM N/A
RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."
CVE-2014-8090 1 Ruby-lang 1 Ruby 2024-11-21 5.0 MEDIUM N/A
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.
CVE-2014-8080 4 Canonical, Opensuse, Redhat and 1 more 4 Ubuntu Linux, Opensuse, Enterprise Linux and 1 more 2024-11-21 5.0 MEDIUM N/A
The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.
CVE-2014-6438 1 Ruby-lang 1 Ruby 2024-11-21 5.0 MEDIUM 7.5 HIGH
The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string.
CVE-2014-4975 4 Canonical, Debian, Redhat and 1 more 7 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 4 more 2024-11-21 5.0 MEDIUM N/A
Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.
CVE-2014-2734 1 Ruby-lang 1 Ruby 2024-11-21 5.8 MEDIUM N/A
** DISPUTED ** The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby script that attempts signature verification after performing a certain sequence of filesystem operations. NOTE: this issue has been disputed by the Ruby OpenSSL team and third parties, who state that the original demonstration PoC contains errors and redundant or unnecessarily-complex code that does not appear to be related to a demonstration of the issue. As of 20140502, CVE is not aware of any public comment by the original researcher.
CVE-2013-5647 2 Adam Zaninovich, Ruby-lang 2 Sounder, Ruby 2024-11-21 7.5 HIGH N/A
lib/sounder/sound.rb in the sounder gem 1.0.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.
CVE-2013-4413 2 Ruby-lang, Schneems 2 Ruby, Wicked 2024-11-21 5.0 MEDIUM N/A
Directory traversal vulnerability in controller/concerns/render_redirect.rb in the Wicked gem before 1.0.1 for Ruby allows remote attackers to read arbitrary files via a %2E%2E%2F (encoded dot dot slash) in the step.
CVE-2013-4363 2 Ruby-lang, Rubygems 2 Ruby, Rubygems 2024-11-21 4.3 MEDIUM N/A
Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. NOTE: this issue is due to an incomplete fix for CVE-2013-4287.
CVE-2013-4287 3 Redhat, Ruby-lang, Rubygems 3 Enterprise Linux, Ruby, Rubygems 2024-11-21 4.3 MEDIUM N/A
Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.
CVE-2013-4164 1 Ruby-lang 1 Ruby 2024-11-21 6.8 MEDIUM N/A
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.
CVE-2013-4136 2 Phusion, Ruby-lang 2 Passenger, Ruby 2024-11-21 4.4 MEDIUM N/A
ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.
CVE-2013-4073 1 Ruby-lang 1 Ruby 2024-11-21 6.8 MEDIUM N/A
The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2013-2119 3 Phusion, Redhat, Ruby-lang 3 Passenger, Openshift, Ruby 2024-11-21 4.6 MEDIUM N/A
Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.
CVE-2013-2065 2 Opensuse, Ruby-lang 2 Opensuse, Ruby 2024-11-21 6.4 MEDIUM N/A
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.
CVE-2013-1948 2 Rob Westgeest, Ruby-lang 2 Md2pdf, Ruby 2024-11-21 10.0 HIGH N/A
converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.
CVE-2013-1947 2 Kelly D. Redding, Ruby-lang 2 Kelredd-pruview, Ruby 2024-11-21 9.3 HIGH N/A
kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to (1) document.rb, (2) video.rb, or (3) video_image.rb.
CVE-2013-1933 2 Documentcloud, Ruby-lang 2 Karteek-docsplit, Ruby 2024-11-21 9.3 HIGH N/A
The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename.