Search Results (Refine Search)
- Keyword (text search): Ruby
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2008-3655 |
Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3. Published: August 12, 2008; 9:41:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2008-3656 |
Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression. Published: August 12, 2008; 9:41:00 PM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2008-3657 |
The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen. Published: August 12, 2008; 9:41:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2008-2376 |
Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows. Published: July 08, 2008; 8:41:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2008-2662 |
Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change. Published: June 24, 2008; 3:41:00 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2008-2663 |
Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change. Published: June 24, 2008; 3:41:00 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2008-2664 |
The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change. Published: June 24, 2008; 3:41:00 PM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2008-2725 |
Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the "REALLOC_N" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change. Published: June 24, 2008; 3:41:00 PM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2008-2726 |
Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change. Published: June 24, 2008; 3:41:00 PM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2008-1891 |
Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality and the :DocumentRoot option. Published: April 18, 2008; 6:05:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2008-1145 |
Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option. Published: March 04, 2008; 6:44:00 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2007-6183 |
Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter. Published: November 29, 2007; 7:46:00 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2007-6077 |
The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, which allows remote attackers to conduct session fixation attacks. NOTE: this is due to an incomplete fix for CVE-2007-5380. Published: November 21, 2007; 4:46:00 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2007-5770 |
The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162. Published: November 13, 2007; 8:46:00 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2007-5379 |
Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple (XML::Simple) unsafely, as demonstrated by reading passwords from the Pidgin (Gaim) .purple/accounts.xml file. Published: October 19, 2007; 7:17:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2007-5380 |
Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions." Published: October 19, 2007; 7:17:00 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2007-5162 |
The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site. Published: October 01, 2007; 1:17:00 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2007-3227 |
Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values. Published: June 14, 2007; 7:30:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2007-2666 |
Stack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla 1.73, as used by notepad++ 4.1.1 and earlier, allows user-assisted remote attackers to execute arbitrary code via certain Ruby (.rb) files with long lines. NOTE: this was originally reported as a vulnerability in notepad++. Published: May 14, 2007; 7:19:00 PM -0400 |
V3.x:(not available) V2.0: 7.6 HIGH |
CVE-2006-6979 |
The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters. Published: February 08, 2007; 1:28:00 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |