CVSS: 10.0EPSS: 9%CPEs: 3EXPL: 2CVE-2016-2338
https://notcve.org/view.php?id=CVE-2016-2338
14 Feb 2020 — An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array size after mentioned allocation and cause heap overflow. Se presenta una vulnerabilidad de desbordamiento de pila explotable en la función Psych::Emitter start_document de Ruby. En la función Psych::Emitter start_d... • https://github.com/SpiralBL0CK/CVE-2016-2338-nday • CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2019-16254 – ruby: HTTP response splitting in WEBrick
https://notcve.org/view.php?id=CVE-2019-16254
26 Nov 2019 — Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF. Ruby versiones hasta 2.4.7, versiones 2.5.x hasta 2.5... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVSS: 9.8EPSS: 6%CPEs: 13EXPL: 0CVE-2018-16395 – ruby: OpenSSL::X509:: Name equality check does not work correctly
https://notcve.org/view.php?id=CVE-2018-16395
03 Nov 2018 — An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to cre... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html • CWE-295: Improper Certificate Validation •
CVSS: 8.1EPSS: 3%CPEs: 16EXPL: 0CVE-2018-16396 – ruby: Tainted flags are not propagated in Array#pack and String#unpack with some directives
https://notcve.org/view.php?id=CVE-2018-16396
03 Nov 2018 — An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats. Se ha descubierto un problema en Ruby, en versiones anteriores a la 2.3.8, versiones 2.4.x anteriores a la 2.4.5, versiones 2.5.x anteriores a la 2.5.2 y versiones 2.6.x anteriores a la 2.6.0-preview3. No contamina las cadenas que resultan de desempaquetar cadenas contaminadas con algunos formatos. It wa... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2017-17742 – ruby: HTTP response splitting in WEBrick
https://notcve.org/view.php?id=CVE-2017-17742
30 Mar 2018 — Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick. Ruby, en versiones anteriores a la 2.2.10, versiones 2.3.x anteriores a la 2.3.7, versiones 2.4.x anteriores a la 2.4.4, versiones 2.5.x anteriores a la 2.5.1 y la versión 2.6.0-preview1, permite un ataque de separación de respuesta HTTP. Un atacante puede inyectar una ... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVSS: 7.5EPSS: 3%CPEs: 16EXPL: 0CVE-2018-8777 – ruby: DoS by large request in WEBrick
https://notcve.org/view.php?id=CVE-2018-8777
30 Mar 2018 — In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption). En Ruby, en versiones anteriores a la 2.2.10, versiones 2.3.x anteriores a la 2.3.7, versiones 2.4.x anteriores a la 2.4.4, versiones 2.5.x anteriores a la 2.5.1 y la versión 2.6.0-preview1, un atacante puede pasar una petición HTT... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2018-8778 – ruby: Buffer under-read in String#unpack
https://notcve.org/view.php?id=CVE-2018-8778
30 Mar 2018 — In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure. En Ruby, en versiones anteriores a la 2.2.10, versiones 2.3.x anteriores a la 2.3.7, versiones 2.4.x anteriores a la 2.4.4, versiones 2.5.x anteriores a la 2.5.1 y la versión 2.6.0-preview1, un atac... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 0CVE-2018-8779 – ruby: Unintentional socket creation by poisoned NULL byte in UNIXServer and UNIXSocket
https://notcve.org/view.php?id=CVE-2018-8779
30 Mar 2018 — In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket. En Ruby, en versiones anteriores a la 2.2.10, versiones 2.3.x anteriores a la 2.3.7, versiones 2.4.x anteriores a la 2.4.4, versiones 2.5.x anteriores a la 2.5.1 y la versión 2.6.0-preview1, los métodos UNIXServer.open y UNIXSocket.open no se comprueban en busca de caracteres nu... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html • CWE-20: Improper Input Validation CWE-626: Null Byte Interaction Error (Poison Null Byte) •
CVSS: 7.5EPSS: 2%CPEs: 16EXPL: 0CVE-2018-6914 – ruby: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
https://notcve.org/view.php?id=CVE-2018-6914
30 Mar 2018 — Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument. Vulnerabilidad de salto de directorio en el método Dir.mktmpdir en la biblioteca tmpdir en Ruby, en versiones anteriores a la 2.2.10, versiones 2.3.x anteriores a la 2.3.7, versiones 2.4.x anteriores a la 2.4.4, versiones... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 2%CPEs: 11EXPL: 0CVE-2018-8780 – ruby: Unintentional directory traversal by poisoned NULL byte in Dir
https://notcve.org/view.php?id=CVE-2018-8780
30 Mar 2018 — In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed. En Ruby, en versiones anteriores a la 2.2.10, versiones 2.3.x anteriores a la 2.3.7, versiones 2.4.x anteriores a la 2.4.4, versiones 2.5.x anteriores a la 2.5.1 y la versión 2.6.0-preview1, los métodos Dir.open, Dir.new, Dir.entrie... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •