Search CVE reports

Toggle filters

81 – 84 of 84 results

CVE-2016-2337

Negligible priority

Some fixes available 2 of 4

Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution.

4 affected packages

ruby1.8, ruby1.9.1, ruby2.0, ruby2.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ruby1.8
ruby1.9.1
ruby2.0
ruby2.3
Show less packages

CVE-2015-7551

Low priority

Some fixes available 1 of 6

The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which...

5 affected packages

ruby1.9.1, ruby2.0, ruby2.1, ruby2.2, ruby2.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ruby1.9.1
ruby2.0
ruby2.1
ruby2.2
ruby2.3
Show less packages

CVE-2015-3900

Low priority
Ignored

RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a...

8 affected packages

jruby, libgems-ruby, ruby1.8, ruby1.9.1, ruby2.1...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
jruby
libgems-ruby
ruby1.8
ruby1.9.1
ruby2.1
ruby2.2
ruby2.3
rubygems
Show all 8 packages Show less packages

CVE-2015-1855

Low priority

Some fixes available 2 of 11

verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors...

6 affected packages

ruby1.8, ruby1.9.1, ruby2.0, ruby2.1, ruby2.2, ruby2.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ruby1.8
ruby1.9.1
ruby2.0
ruby2.1
ruby2.2
ruby2.3
Show less packages
  1. Previous page
  2. 5
  3. 6
  4. 7
  5. 8
  6. 9
  7. Next page
Export to JSON