CVE search results

61 – 70 of 81 results

Detailed view

Sort by:

CVE-2017-14064

Low priority

Some fixes available 4 of 5

Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a...

3 affected packages

ruby1.9.1, ruby2.0, ruby2.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ruby1.9.1	—	—	—	Not in release
ruby2.0	—	—	—	Not in release
ruby2.3	—	—	—	Not in release

CVE-2017-14033

Medium priority

Some fixes available 3 of 4

The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.

3 affected packages

ruby1.9.1, ruby2.1, ruby2.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ruby1.9.1	—	—	—	—
ruby2.1	—	—	—	—
ruby2.3	—	—	—	—

CVE-2017-11465

Medium priority

Not affected

The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to...

3 affected packages

ruby1.9.1, ruby2.0, ruby2.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ruby1.9.1	—	—	—	—
ruby2.0	—	—	—	—
ruby2.3	—	—	—	—

CVE-2017-10784

Medium priority

Some fixes available 4 of 5

The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary...

3 affected packages

ruby1.9.1, ruby2.0, ruby2.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ruby1.9.1	—	—	—	Not in release
ruby2.0	—	—	—	Not in release
ruby2.3	—	—	—	Not in release

CVE-2017-0903

Medium priority

Some fixes available 3 of 10

RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can...

4 affected packages

jruby, ruby1.9.1, ruby2.0, ruby2.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
jruby	Not affected	—	Not affected	Not affected
ruby1.9.1	Not in release	Not in release	Not in release	Not in release
ruby2.0	Not in release	Not in release	Not in release	Not in release
ruby2.3	Not in release	Not in release	Not in release	Not in release

CVE-2017-0902

Medium priority

Some fixes available 3 of 21

RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.

4 affected packages

ruby1.9.1, ruby2.0, ruby2.3, jruby

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ruby1.9.1	Not in release	Not in release	Not in release	Not in release
ruby2.0	Not in release	Not in release	Not in release	Not in release
ruby2.3	Not in release	Not in release	Not in release	Not in release
jruby	Needs evaluation	—	Vulnerable	Vulnerable

CVE-2017-0901

Medium priority

Some fixes available 4 of 22

RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.

4 affected packages

jruby, ruby2.0, ruby1.9.1, ruby2.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
jruby	Needs evaluation	—	Vulnerable	Vulnerable
ruby2.0	Not in release	Not in release	Not in release	Not in release
ruby1.9.1	Not in release	Not in release	Not in release	Not in release
ruby2.3	Not in release	Not in release	Not in release	Not in release

CVE-2017-0900

Negligible priority

Some fixes available 2 of 21

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command.

4 affected packages

ruby1.9.1, ruby2.3, ruby2.0, jruby

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ruby1.9.1	Not in release	Not in release	Not in release	Not in release
ruby2.3	Not in release	Not in release	Not in release	Not in release
ruby2.0	Not in release	Not in release	Not in release	Not in release
jruby	Needs evaluation	—	Vulnerable	Vulnerable

CVE-2017-0899

Negligible priority

Some fixes available 2 of 21

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.

4 affected packages

ruby1.9.1, jruby, ruby2.0, ruby2.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ruby1.9.1	Not in release	Not in release	Not in release	Not in release
jruby	Needs evaluation	—	Vulnerable	Vulnerable
ruby2.0	Not in release	Not in release	Not in release	Not in release
ruby2.3	Not in release	Not in release	Not in release	Not in release

CVE-2017-0898

Medium priority

Some fixes available 4 of 5

Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or...

3 affected packages

ruby2.3, ruby1.9.1, ruby2.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ruby2.3	—	—	—	Not in release
ruby1.9.1	—	—	—	Not in release
ruby2.0	—	—	—	Not in release

Export to JSON

Results by page:

Search CVE reports