Search CVE reports
21 – 26 of 26 results
CVE-2015-3900
Low priorityRubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a...
8 affected packages
jruby, libgems-ruby, ruby1.8, ruby1.9.1, ruby2.1...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jruby | — | — | — | — | — |
| libgems-ruby | — | — | — | — | — |
| ruby1.8 | — | — | — | — | — |
| ruby1.9.1 | — | — | — | — | — |
| ruby2.1 | — | — | — | — | — |
| ruby2.2 | — | — | — | — | — |
| ruby2.3 | — | — | — | — | — |
| rubygems | — | — | — | — | — |
CVE-2015-1855
Low prioritySome fixes available 2 of 11
verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors...
6 affected packages
ruby1.8, ruby1.9.1, ruby2.0, ruby2.1, ruby2.2, ruby2.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby1.8 | — | — | — | — | Not in release |
| ruby1.9.1 | — | — | — | — | Not in release |
| ruby2.0 | — | — | — | — | Not in release |
| ruby2.1 | — | — | — | — | Not in release |
| ruby2.2 | — | — | — | — | Not in release |
| ruby2.3 | — | — | — | — | Not affected |
CVE-2014-3916
Negligible priorityThe str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string.
4 affected packages
ruby1.8, ruby1.9.1, ruby2.0, ruby2.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby1.8 | — | — | — | — | — |
| ruby1.9.1 | — | — | — | — | — |
| ruby2.0 | — | — | — | — | — |
| ruby2.1 | — | — | — | — | — |
CVE-2014-8090
Medium prioritySome fixes available 8 of 12
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document...
4 affected packages
ruby1.8, ruby1.9.1, ruby2.0, ruby2.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby1.8 | — | — | — | — | — |
| ruby1.9.1 | — | — | — | — | — |
| ruby2.0 | — | — | — | — | — |
| ruby2.1 | — | — | — | — | — |
CVE-2014-8080
Medium prioritySome fixes available 8 of 13
The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion...
5 affected packages
ruby1.8, ruby1.9, ruby1.9.1, ruby2.0, ruby2.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby1.8 | — | — | — | — | — |
| ruby1.9 | — | — | — | — | — |
| ruby1.9.1 | — | — | — | — | — |
| ruby2.0 | — | — | — | — | — |
| ruby2.1 | — | — | — | — | — |
CVE-2014-4975
Low prioritySome fixes available 7 of 12
Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault)...
5 affected packages
ruby1.8, ruby1.9, ruby1.9.1, ruby2.0, ruby2.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby1.8 | — | — | — | — | — |
| ruby1.9 | — | — | — | — | — |
| ruby1.9.1 | — | — | — | — | — |
| ruby2.0 | — | — | — | — | — |
| ruby2.1 | — | — | — | — | — |