Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

51 – 57 of 57 results


CVE-2014-3916

Negligible priority
Ignored

The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string.

4 affected packages

ruby1.8, ruby1.9.1, ruby2.0, ruby2.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.8
ruby1.9.1
ruby2.0
ruby2.1
Show less packages

CVE-2014-8090

Medium priority

Some fixes available 8 of 12

The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document...

4 affected packages

ruby1.8, ruby1.9.1, ruby2.0, ruby2.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.8
ruby1.9.1
ruby2.0
ruby2.1
Show less packages

CVE-2014-8080

Medium priority

Some fixes available 8 of 13

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion...

5 affected packages

ruby1.8, ruby1.9, ruby1.9.1, ruby2.0, ruby2.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.8
ruby1.9
ruby1.9.1
ruby2.0
ruby2.1
Show less packages

CVE-2014-4975

Low priority

Some fixes available 7 of 12

Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault)...

5 affected packages

ruby1.8, ruby1.9, ruby1.9.1, ruby2.0, ruby2.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.8
ruby1.9
ruby1.9.1
ruby2.0
ruby2.1
Show less packages

CVE-2014-2734

Low priority
Ignored

** DISPUTED ** The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby script that attempts...

4 affected packages

ruby1.8, ruby1.9, ruby1.9.1, ruby2.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.8
ruby1.9
ruby1.9.1
ruby2.0
Show less packages

CVE-2013-4164

Medium priority

Some fixes available 10 of 14

Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault)...

4 affected packages

ruby1.8, ruby1.9, ruby1.9.1, ruby2.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.8
ruby1.9
ruby1.9.1
ruby2.0
Show less packages

CVE-2013-2065

Low priority

Some fixes available 4 of 6

(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.

3 affected packages

ruby1.8, ruby1.9.1, ruby2.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.8
ruby1.9.1
ruby2.0
Show less packages