
CVSS: 9.8 | EPSS: 20% | CPEs: 12 | EXPL: 0

07 Oct 2005 — Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin). The object-oriented scripting language Ruby supports safely executing untrusted code with two mechanisms: safe level and taint flag on objects. Dr. Yutaka Oiwa discovered a vulnerability that allows Ruby methods to bypass these mechanisms. In systems which use this feature, ... • http://jvn.jp/jp/JVN%2362914675/index.html •

CVSS: 9.8 | EPSS: 8% | CPEs: 1 | EXPL: 0

20 Jun 2005 — The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands. Nobuhiro IMAI discovered that the changed default value of the Module#public_instance_methods() method broke the security protection of XMLRPC server handlers. A remote attacker could exploit this to execute arbitrary commands on an XMLRPC server. • http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/5237 •

CVSS: 7.5 | EPSS: 1% | CPEs: 17 | EXPL: 0

10 Nov 2004 — The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request. The upstream developers of Ruby have corrected a problem in the CGI module for this language. Specially crafted requests could cause an infinite loop and thus cause the program to eat up CPU cycles. • http://www.debian.org/security/2004/dsa-586 •

CVSS: 7.1 | EPSS: 0% | CPEs: 2 | EXPL: 0

16 Aug 2004 — The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions. A problem in the CGI session management of Ruby, an object-oriented scripting language, a... • http://secunia.com/advisories/12290 •