CVE search results

21 – 26 of 26 results

Detailed view

Sort by:

CVE-2014-8090

Medium priority

Some fixes available 8 of 12

The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document...

4 affected packages

ruby1.8, ruby1.9.1, ruby2.0, ruby2.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ruby1.8	—	—	—	—
ruby1.9.1	—	—	—	—
ruby2.0	—	—	—	—
ruby2.1	—	—	—	—

CVE-2014-8080

Medium priority

Some fixes available 8 of 13

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion...

5 affected packages

ruby1.8, ruby1.9, ruby1.9.1, ruby2.0, ruby2.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ruby1.8	—	—	—	—
ruby1.9	—	—	—	—
ruby1.9.1	—	—	—	—
ruby2.0	—	—	—	—
ruby2.1	—	—	—	—

CVE-2014-6438

Low priority

Ignored

The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string.

7 affected packages

ruby1.8, ruby1.9, ruby1.9.1, ruby2.0, ruby2.1...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ruby1.8	—	—	—	—
ruby1.9	—	—	—	—
ruby1.9.1	—	—	—	—
ruby2.0	—	—	—	—
ruby2.1	—	—	—	—
ruby2.2	—	—	—	—
ruby2.3	—	—	—	—

CVE-2014-4975

Low priority

Some fixes available 7 of 12

Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault)...

5 affected packages

ruby1.8, ruby1.9, ruby1.9.1, ruby2.0, ruby2.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ruby1.8	—	—	—	—
ruby1.9	—	—	—	—
ruby1.9.1	—	—	—	—
ruby2.0	—	—	—	—
ruby2.1	—	—	—	—

CVE-2014-3916

Negligible priority

Ignored

The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string.

4 affected packages

ruby1.8, ruby1.9.1, ruby2.0, ruby2.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ruby1.8	—	—	—	—
ruby1.9.1	—	—	—	—
ruby2.0	—	—	—	—
ruby2.1	—	—	—	—

CVE-2009-5147

Low priority

Some fixes available 1 of 5

DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.

6 affected packages

ruby1.8, ruby1.9.1, ruby2.0, ruby2.1, ruby2.2, ruby2.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ruby1.8	—	—	—	—
ruby1.9.1	—	—	—	—
ruby2.0	—	—	—	—
ruby2.1	—	—	—	—
ruby2.2	—	—	—	—
ruby2.3	—	—	—	—

Export to JSON

Results by page:

Search CVE reports