Search CVE reports


Toggle filters

21 – 30 of 86 results


CVE-2018-8780

Medium priority
Fixed

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method,...

4 affected packages

ruby1.9.1, ruby2.0, ruby2.3, ruby2.5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.9.1 Not in release Not in release
ruby2.0 Not in release Not in release
ruby2.3 Not in release Fixed
ruby2.5 Fixed Not in release
Show less packages

CVE-2018-8779

Medium priority
Fixed

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket.

4 affected packages

ruby1.9.1, ruby2.0, ruby2.3, ruby2.5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.9.1 Not in release Not in release
ruby2.0 Not in release Not in release
ruby2.3 Not in release Fixed
ruby2.5 Fixed Not in release
Show less packages

CVE-2018-8778

Medium priority
Fixed

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the...

4 affected packages

ruby1.9.1, ruby2.0, ruby2.3, ruby2.5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.9.1 Not in release Not in release
ruby2.0 Not in release Not in release
ruby2.3 Not in release Fixed
ruby2.5 Fixed Not in release
Show less packages

CVE-2018-8777

Low priority
Fixed

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler...

4 affected packages

ruby1.9.1, ruby2.0, ruby2.3, ruby2.5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.9.1 Not in release Not in release
ruby2.0 Not in release Not in release
ruby2.3 Not in release Fixed
ruby2.5 Fixed Not in release
Show less packages

CVE-2018-6914

Medium priority
Fixed

Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary...

4 affected packages

ruby1.9.1, ruby2.0, ruby2.3, ruby2.5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.9.1 Not in release Not in release
ruby2.0 Not in release Not in release
ruby2.3 Not in release Fixed
ruby2.5 Fixed Not in release
Show less packages

CVE-2017-17742

Medium priority

Some fixes available 6 of 19

Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server...

5 affected packages

jruby, ruby1.9.1, ruby2.0, ruby2.3, ruby2.5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jruby Needs evaluation Vulnerable Vulnerable Vulnerable
ruby1.9.1 Not in release Not in release Not in release Not in release Not in release
ruby2.0 Not in release Not in release Not in release Not in release Not in release
ruby2.3 Not in release Not in release Not in release Not in release Fixed
ruby2.5 Not in release Not in release Not in release Fixed Not in release
Show less packages

CVE-2018-1000079

Medium priority

Some fixes available 7 of 12

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory...

6 affected packages

jruby, ruby1.9.1, ruby2.0, ruby2.1, ruby2.3, ruby2.5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jruby Not affected Not affected Needs evaluation Needs evaluation
ruby1.9.1 Not in release Not in release Not in release Not in release Not in release
ruby2.0 Not in release Not in release Not in release Not in release Not in release
ruby2.1 Not in release Not in release Not in release Not in release Not in release
ruby2.3 Not in release Not in release Not in release Not in release Fixed
ruby2.5 Not in release Not in release Not in release Fixed Not in release
Show less packages

CVE-2018-1000078

Medium priority

Some fixes available 9 of 13

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS)...

6 affected packages

jruby, ruby1.9.1, ruby2.0, ruby2.1, ruby2.3, ruby2.5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jruby Not affected Not affected Needs evaluation Needs evaluation
ruby1.9.1 Not in release Not in release Not in release Not in release Not in release
ruby2.0 Not in release Not in release Not in release Not in release Not in release
ruby2.1 Not in release Not in release Not in release Not in release Not in release
ruby2.3 Not in release Not in release Not in release Not in release Fixed
ruby2.5 Not in release Not in release Not in release Fixed Not in release
Show less packages

CVE-2018-1000077

Medium priority

Some fixes available 9 of 13

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input...

6 affected packages

jruby, ruby1.9.1, ruby2.0, ruby2.1, ruby2.3, ruby2.5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jruby Not affected Not affected Needs evaluation Needs evaluation
ruby1.9.1 Not in release Not in release Not in release Not in release Not in release
ruby2.0 Not in release Not in release Not in release Not in release Not in release
ruby2.1 Not in release Not in release Not in release Not in release Not in release
ruby2.3 Not in release Not in release Not in release Not in release Fixed
ruby2.5 Not in release Not in release Not in release Fixed Not in release
Show less packages

CVE-2018-1000076

Low priority

Some fixes available 8 of 12

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification...

6 affected packages

jruby, ruby1.9.1, ruby2.0, ruby2.1, ruby2.3, ruby2.5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jruby Not affected Not affected Needs evaluation Needs evaluation
ruby1.9.1 Not in release Not in release Not in release Not in release Not in release
ruby2.0 Not in release Not in release Not in release Not in release Not in release
ruby2.1 Not in release Not in release Not in release Not in release Not in release
ruby2.3 Not in release Not in release Not in release Not in release Fixed
ruby2.5 Not in release Not in release Not in release Fixed Not in release
Show less packages