National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • Keyword (text search): Ruby
There are 427 matching records.
Displaying matches 421 through 427.
Vuln ID Summary CVSS Severity
CVE-2006-3694

Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".

Published: July 21, 2006; 10:03:00 AM -04:00
    V2: 6.4 MEDIUM
CVE-2006-2582

The editing form in RWiki 2.1.0pre1 through 2.1.0 allows remote attackers to execute arbitrary Ruby code via unknown attack vectors.

Published: May 25, 2006; 06:02:00 AM -04:00
    V2: 7.5 HIGH
CVE-2006-1931

The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data.

Published: April 20, 2006; 05:02:00 PM -04:00
    V2: 5.0 MEDIUM
CVE-2005-2337

Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin).

Published: October 07, 2005; 07:02:00 PM -04:00
    V2: 7.5 HIGH
CVE-2005-1992

The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands.

Published: June 20, 2005; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2004-0983

The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.

Published: March 01, 2005; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2004-0755

The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions.

Published: October 20, 2004; 12:00:00 AM -04:00
    V2: 2.1 LOW