National Vulnerability Database

Search Results

Search Parameters:
  • Contains Software Flaws (CVE)
  • Keyword (text search): Ruby
There are 423 matching records.
Displaying matches 421 through 423.
Vuln ID Summary CVSS Severity

The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands.

Published: June 20, 2005; 12:00:00 AM -04:00
    V2: 7.5 HIGH

The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.

Published: March 01, 2005; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM

The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions.

Published: October 20, 2004; 12:00:00 AM -04:00
    V2: 2.1 LOW