CVSS: 7.5EPSS: 3%CPEs: 24EXPL: 0CVE-2017-14033 – ruby: Buffer underrun in OpenSSL ASN1 decode
https://notcve.org/view.php?id=CVE-2017-14033
19 Sep 2017 — The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string. El método decode en el módulo OpenSSL::ASN1 en Ruby en versiones anteriores a la 2.2.8, versiones 2.3.x anteriores a 2.3.5, y 2.4.x hasta la 2.4.1 permite que los atacantes provoquen una denegación de servicio (cierre inesperado del intérprete) mediante una string manipulada. It was found that the decode method... • http://www.securityfocus.com/bid/100868 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 0%CPEs: 15EXPL: 2CVE-2017-0898 – ruby: Buffer underrun vulnerability in Kernel.sprintf
https://notcve.org/view.php?id=CVE-2017-0898
15 Sep 2017 — Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap. Ruby, en versiones anteriores a la 2.4.2, 2.3.5 y 2.2.8, es vulnerable a una cadena de formato maliciosa qe contiene un especificador (*) con un valor grande negativo. Esta situación puede provocar un desbordamiento de búfer, provocando una ... • http://www.securityfocus.com/bid/100862 • CWE-122: Heap-based Buffer Overflow CWE-134: Use of Externally-Controlled Format String •
CVSS: 9.8EPSS: 1%CPEs: 29EXPL: 1CVE-2017-14064 – ruby: Arbitrary heap exposure during a JSON.generate call
https://notcve.org/view.php?id=CVE-2017-14064
31 Aug 2017 — Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len. Ruby hasta la versión 2.2.7, 2.3.x hasta la 2.3.4, y 2.4.x hasta la 2.4.1 puede exponer memoria arbitraria durante una llamada JSON.generate. Los problemas surgen al usar strdup ... • http://www.securityfocus.com/bid/100890 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 1CVE-2015-9096 – Ubuntu Security Notice USN-3365-1
https://notcve.org/view.php?id=CVE-2015-9096
12 Jun 2017 — Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring. El modulo Net::SMTP de Ruby anterior a su versión 2.4.0 es vulnerable a la inyección de comandos SMTP mediante secuencias CRLF de los comandos "RCPT TO" o "MAIL FROM", como demuestra las secuencias CRLF inmediatamente antes y después de la substring DATA. It was discovered that Ruby DL::dlopen incorrectly... • http://www.mbsd.jp/Whitepaper/smtpi.pdf • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2017-9225
https://notcve.org/view.php?id=CVE-2017-9225
24 May 2017 — An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), ... • https://github.com/kkos/oniguruma/commit/166a6c3999bf06b4de0ab4ce6b088a468cc4029f • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2017-9229 – oniguruma: Invalid pointer dereference in left_adjust_char_head()
https://notcve.org/view.php?id=CVE-2017-9229
24 May 2017 — An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition. Se descubrió un problema en Oniguruma versión 6.2.0, como es usado en Oniguruma-mod en Ruby hasta versión 2.4.1 y mbstring en PHP hasta versión 7... • https://access.redhat.com/errata/RHSA-2018:1296 • CWE-476: NULL Pointer Dereference CWE-787: Out-of-bounds Write •
CVSS: 8.4EPSS: 0%CPEs: 14EXPL: 0CVE-2015-7551 – ruby: DL:: dlopen could open a library with tainted library name
https://notcve.org/view.php?id=CVE-2015-7551
22 Mar 2016 — The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression. La implementación Fiddle::Handle en ext/fiddl... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344 • CWE-20: Improper Input Validation CWE-267: Privilege Defined With Unsafe Actions •
CVSS: 8.6EPSS: 2%CPEs: 42EXPL: 0CVE-2015-3900 – rubygems: DNS hijacking vulnerability in api_endpoint()
https://notcve.org/view.php?id=CVE-2015-3900
24 Jun 2015 — RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack." RubyGems 2.0.x en versiones anteriores a 2.0.16, 2.2.x en versiones anteriores a 2.2.4 y 2.4.x en versiones anteriores a 2.4.7 no valida el nombre de host al recuperar gemas o hacer solicitudes de API, lo que permite a atacantes remotos... • http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html • CWE-254: 7PK - Security Features CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 5.9EPSS: 1%CPEs: 19EXPL: 1CVE-2015-1855 – Ubuntu Security Notice USN-3365-1
https://notcve.org/view.php?id=CVE-2015-1855
04 May 2015 — verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters. La función Verified_certificate_identity en la extensión OpenSSL en Ruby versiones anteriores a 2.0.0 patchlevel 645, versiones 2.1.x anteriores a 2.1.6 y versiones 2... • https://github.com/vpereira/CVE-2015-1855 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 68%CPEs: 17EXPL: 3CVE-2013-0233 – Ruby on Rails Devise Authentication Password Reset
https://notcve.org/view.php?id=CVE-2013-0233
25 Apr 2013 — Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts. Devise v2.2.x antes de v2.2.3, v2.1.x antes de v2.1.3, v2.0.x antes de v2.0.5, v1.5.x antes de v1.5.4 de Ruby, al u... • https://packetstorm.news/files/id/180861 • CWE-399: Resource Management Errors •