CVSS: 7.5EPSS: 1%CPEs: 16EXPL: 0CVE-2018-8777 – ruby: DoS by large request in WEBrick
https://notcve.org/view.php?id=CVE-2018-8777
30 Mar 2018 — In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption). En Ruby, en versiones anteriores a la 2.2.10, versiones 2.3.x anteriores a la 2.3.7, versiones 2.4.x anteriores a la 2.4.4, versiones 2.5.x anteriores a la 2.5.1 y la versión 2.6.0-preview1, un atacante puede pasar una petición HTT... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2018-8778 – ruby: Buffer under-read in String#unpack
https://notcve.org/view.php?id=CVE-2018-8778
30 Mar 2018 — In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure. En Ruby, en versiones anteriores a la 2.2.10, versiones 2.3.x anteriores a la 2.3.7, versiones 2.4.x anteriores a la 2.4.4, versiones 2.5.x anteriores a la 2.5.1 y la versión 2.6.0-preview1, un atac... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-134: Use of Externally-Controlled Format String •
CVSS: 9.8EPSS: 2%CPEs: 4EXPL: 1CVE-2017-17790 – ruby: Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code execution
https://notcve.org/view.php?id=CVE-2017-17790
20 Dec 2017 — The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely. La función lazy_initialize en lib/resolv.rb en Ruby hasta la versión 2.4.3 utiliza Kernel#open, lo que podría permitir ataques de inyección de comandos, tal y como demuestra un argumento Reso... • https://access.redhat.com/errata/RHSA-2018:0378 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.3EPSS: 35%CPEs: 17EXPL: 1CVE-2017-17405 – Ruby < 2.2.8 / < 2.3.5 / < 2.4.2 / < 2.5.0-preview1 - 'NET::Ftp' Command Injection
https://notcve.org/view.php?id=CVE-2017-17405
15 Dec 2017 — Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution. Ruby en versiones anteriores a la 2.4.3 permite la inyección de comandos Net::FTP. • https://www.exploit-db.com/exploits/43381 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 1%CPEs: 24EXPL: 0CVE-2017-14033 – ruby: Buffer underrun in OpenSSL ASN1 decode
https://notcve.org/view.php?id=CVE-2017-14033
19 Sep 2017 — The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string. El método decode en el módulo OpenSSL::ASN1 en Ruby en versiones anteriores a la 2.2.8, versiones 2.3.x anteriores a 2.3.5, y 2.4.x hasta la 2.4.1 permite que los atacantes provoquen una denegación de servicio (cierre inesperado del intérprete) mediante una string manipulada. It was found that the decode method... • http://www.securityfocus.com/bid/100868 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 14EXPL: 0CVE-2017-10784 – ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick
https://notcve.org/view.php?id=CVE-2017-10784
19 Sep 2017 — The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name. El código de autenticación Basic en la biblioteca WEBrick en Ruby en versiones anteriores a la 2.2.8, 2.3.x anteriores a la 2.3.5 y 2.4.x hasta la 2.4.1 permite que atacantes remotos inyecten secuencias de escape del emulador del terminal en su regis... • http://www.securityfocus.com/bid/100853 • CWE-117: Improper Output Neutralization for Logs CWE-287: Improper Authentication •
CVSS: 9.1EPSS: 1%CPEs: 15EXPL: 2CVE-2017-0898 – ruby: Buffer underrun vulnerability in Kernel.sprintf
https://notcve.org/view.php?id=CVE-2017-0898
15 Sep 2017 — Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap. Ruby, en versiones anteriores a la 2.4.2, 2.3.5 y 2.2.8, es vulnerable a una cadena de formato maliciosa qe contiene un especificador (*) con un valor grande negativo. Esta situación puede provocar un desbordamiento de búfer, provocando una ... • http://www.securityfocus.com/bid/100862 • CWE-122: Heap-based Buffer Overflow CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-6438
https://notcve.org/view.php?id=CVE-2014-6438
06 Sep 2017 — The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string. El método URI.decode_www_form_component en versiones de Ruby anteriores a la 1.9.2-p330 permite que atacantes remotos provoquen una denegación de servicio (expresión regular catastrófica, consumo de recursos o bloqueo de la aplicación) utilizando un string manipulado. • http://www.openwall.com/lists/oss-security/2015/07/13/6 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 2%CPEs: 29EXPL: 1CVE-2017-14064 – ruby: Arbitrary heap exposure during a JSON.generate call
https://notcve.org/view.php?id=CVE-2017-14064
31 Aug 2017 — Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len. Ruby hasta la versión 2.2.7, 2.3.x hasta la 2.3.4, y 2.4.x hasta la 2.4.1 puede exponer memoria arbitraria durante una llamada JSON.generate. Los problemas surgen al usar strdup ... • http://www.securityfocus.com/bid/100890 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-11465
https://notcve.org/view.php?id=CVE-2017-11465
19 Jul 2017 — The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have security relevance as a bypass of a $SAFE protection mechanism. La función parser_yyerror en el analizador UTF-8 de Ruby versión 2.4.1, permite a los atacantes causar una denegación de servicio (lectura o escritura no válidas) o posib... • https://bugs.ruby-lang.org/issues/13742 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •