Max CVSS | 7.8 | Min CVSS | 5.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2008-4310 | 7.8 |
httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for
|
13-02-2023 - 02:19 | 09-12-2008 - 00:30 | |
CVE-2018-8780 | 7.5 |
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional director
|
21-07-2019 - 12:15 | 03-04-2018 - 22:29 | |
CVE-2008-2726 | 7.8 |
Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent at
|
01-11-2018 - 15:07 | 24-06-2008 - 19:41 | |
CVE-2008-3905 | 5.8 |
resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS respo
|
03-10-2018 - 21:55 | 04-09-2008 - 17:41 | |
CVE-2006-1931 | 5.0 |
The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data.
|
03-10-2018 - 21:40 | 20-04-2006 - 21:02 | |
CVE-2013-4073 | 6.8 |
The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name fie
|
13-08-2018 - 21:47 | 18-08-2013 - 02:52 | |
CVE-2006-5467 | 5.0 |
The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier
|
11-10-2017 - 01:31 | 27-10-2006 - 18:07 | |
CVE-2006-3694 | 6.4 |
Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".
|
11-10-2017 - 01:31 | 21-07-2006 - 14:03 | |
CVE-2009-1904 | 5.0 |
The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversio
|
29-09-2017 - 01:34 | 11-06-2009 - 21:30 | |
CVE-2007-5770 | 5.0 |
The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which mak
|
29-09-2017 - 01:29 | 14-11-2007 - 01:46 | |
CVE-2011-4815 | 7.8 |
Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an applicatio
|
29-08-2017 - 01:30 | 30-12-2011 - 01:55 | |
CVE-2014-8090 | 5.0 |
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string
|
03-01-2017 - 02:59 | 21-11-2014 - 15:59 | |
CVE-2013-1821 | 5.0 |
lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack. Per: http://www.r
|
08-12-2016 - 03:03 | 09-04-2013 - 21:55 | |
CVE-2011-1005 | 5.0 |
The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname.
|
13-08-2013 - 17:00 | 02-03-2011 - 20:00 |