Max CVSS 7.8 Min CVSS 4.3 Total Count10
IDCVSSSummaryLast (major) updatePublished
CVE-2014-8090 5.0
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string
02-01-2017 - 21:59 21-11-2014 - 10:59
CVE-2014-8080 5.0
The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.
02-01-2017 - 21:59 03-11-2014 - 11:55
CVE-2013-4164 6.8
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute
30-12-2016 - 21:59 23-11-2013 - 14:55
CVE-2013-1821 5.0
lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.
07-12-2016 - 22:03 09-04-2013 - 17:55
CVE-2012-4481 4.3
The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005.
11-02-2014 - 23:39 02-05-2013 - 10:55
CVE-2011-1005 5.0
The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname.
13-08-2013 - 13:00 02-03-2011 - 15:00
CVE-2011-4815 7.8
Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an applicatio
29-01-2013 - 23:44 29-12-2011 - 20:55
CVE-2011-1004 6.3
The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink attack.
11-05-2012 - 23:36 02-03-2011 - 15:00
CVE-2011-0188 6.8
The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitr
23-08-2011 - 23:15 22-03-2011 - 22:00
CVE-2011-2686 5.0
Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a
11-08-2011 - 22:45 05-08-2011 - 17:55
Back to Top Mark selected
Back to Top