Max CVSS 9.3 Min CVSS 5.0 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2017-14064 7.5
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning
13-05-2019 - 18:48 31-08-2017 - 17:29
CVE-2017-14033 5.0
The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.
31-10-2018 - 10:29 19-09-2017 - 17:29
CVE-2017-10784 9.3
The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted
31-10-2018 - 10:29 19-09-2017 - 17:29
CVE-2016-2337 7.5
Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution. <a href="http://cwe.mitre.org/data/definitions/843.html">CWE-843: Access
28-08-2018 - 10:29 06-01-2017 - 21:59
CVE-2017-0898 6.4
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information discl
15-07-2018 - 01:29 15-09-2017 - 19:29
Back to Top Mark selected
Back to Top