VYPR
Vendor: Ruby Lang
Products: 20
CVEs: 101 (113 across products)
Status: Private

Recent CVEs (101 total)
  • CVE-2017-17405 | High | Dec 15, 2017
    risk 0.66 | cvss 8.8 | epss 0.74

    Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is…

  • CVE-2017-17790 | Critical | Dec 20, 2017
    risk 0.64 | cvss 9.8 | epss 0.06

    The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations…

  • CVE-2017-14064 | Critical | Aug 31, 2017
    risk 0.64 | cvss 9.8 | epss 0.09

    Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issue lies in using strdup in ext/json/ext/generator/generator.c, which stops after encountering a '\0' byte, returning a pointer to a string of…

  • CVE-2017-11465 | Critical | Jul 19, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have…

  • CVE-2017-9225 | Critical | May 24, 2017
    risk 0.64 | cvss 9.8 | epss 0.03

    An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not…

  • CVE-2016-2339 | Critical | Jan 6, 2017
    risk 0.64 | cvss 9.8 | epss 0.05

    An exploitable heap overflow exists in the Fiddle::Function.new "initialize" functionality of Ruby. In Fiddle::Function.new "initialize", the heap buffer "arg_types" is allocated based on the length of the args array. A specially constructed object passed as an element…

  • CVE-2016-2337 | Critical | Jan 6, 2017
    risk 0.64 | cvss 9.8 | epss 0.06

    Type confusion exists in the _cancel_eval method of Ruby's TclTkIp class. An attacker passing an object of a type other than String as the "retval" argument can cause arbitrary code execution.

  • CVE-2016-2336 | Critical | Jan 6, 2017
    risk 0.64 | cvss 9.8 | epss 0.03

    Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. An attacker passing an object of a type other than the one assumed by the developers can cause arbitrary code execution.

  • CVE-2017-0898 | Critical | Sep 15, 2017
    risk 0.60 | cvss 9.1 | epss 0.10

    Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string that contains a precision specifier (*) with a huge negative value. Such a situation can lead to a buffer overrun, resulting in heap memory corruption or an information disclosure from the heap.

  • CVE-2026-42258 | Critical | May 9, 2026
    risk 0.57 | cvss 9.8 | epss 0.01

    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This…

  • CVE-2026-42257 | Critical | May 9, 2026
    risk 0.57 | cvss 9.8 | epss 0.00

    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived…

  • CVE-2026-27820 | Critical | Apr 16, 2026
    risk 0.57 | cvss 9.8 | epss 0.01

    zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously…

  • CVE-2024-27280 | Critical | May 14, 2024
    risk 0.57 | cvss 9.8 | epss 0.02

    A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value.…

  • CVE-2017-10784 | High | Sep 19, 2017
    risk 0.52 | cvss 8.8 | epss 0.16

    The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.

  • CVE-2018-8777 | High | Apr 3, 2018
    risk 0.49 | cvss 7.5 | epss 0.05

    In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption).

  • CVE-2014-6438 | High | Sep 6, 2017
    risk 0.49 | cvss 7.5 | epss 0.04

    The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string.

  • CVE-2017-9229 | High | May 24, 2017
    risk 0.49 | cvss 7.5 | epss 0.05

    An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result…

  • CVE-2017-6181 | High | Apr 3, 2017
    risk 0.49 | cvss 7.5 | epss 0.04

    The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted regular expression.

  • CVE-2025-0306 | High | Jan 9, 2025
    risk 0.48 | cvss 7.4 | epss 0.01

    A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack, a timing side channel in RSA PKCS#1 v1.5 decryption. This attack allows an attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service.

  • CVE-2015-7551 | High | Mar 24, 2016
    risk 0.48 | cvss 8.4 | epss 0.01

    The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or…
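Two of the injection families in the list above share a root cause, untrusted data reaching an interpreter that treats part of it as control: Kernel#open spawns a command when its argument starts with "|" (CVE-2017-17405, CVE-2017-17790), and Net::IMAP sent raw string and Symbol arguments to the server without escaping, so a CR/LF in user data terminates one command and starts another (CVE-2026-42257, CVE-2026-42258). The Ruby below is an added example, not code from Ruby, net-imap or this page. It shows the hardened shape of both: a local-file open that goes through File.open (which has no pipe mode) and rejects pipe-prefixed names, and an IMAP argument encoder that validates atoms and produces RFC 3501 quoted-strings before a command line is assembled. The helper names (open_local_file, imap_atom, imap_quoted, build_command, rejected?) and all sample inputs are constructed for illustration and assume nothing about the real net-imap API.

```ruby
# Added example, not Ruby's or net-imap's own code. Helper names and the
# sample inputs are constructed for illustration.
require "tempfile"

class UnsafePathError < ArgumentError; end
class ImapInjectionError < ArgumentError; end

# Kernel#open("|cmd") spawns cmd (the CVE-2017-17405 / CVE-2017-17790 pattern).
# File.open has no such mode, so route every local-file open through it, and
# reject pipe-prefixed names anyway so a misuse elsewhere fails loudly.
def open_local_file(path, mode = "r", &blk)
  path = path.to_s
  raise UnsafePathError, "pipe-prefixed path rejected: #{path.inspect}" if path.start_with?("|")
  File.open(path, mode, &blk)
end

# RFC 3501 ATOM-CHAR: ASCII minus CTL, SP and the atom-specials ( ) { % * " \ ]
ATOM_RE = /\A[^\x00-\x20\x7f(){%*"\\\]]+\z/

# Symbols go on the wire as bare atoms; validate rather than trust the caller.
def imap_atom(sym)
  s = sym.to_s
  unless s.ascii_only? && s.match?(ATOM_RE)
    raise ImapInjectionError, "not a valid IMAP atom: #{s.inspect}"
  end
  s
end

# Strings go out as IMAP quoted-strings: CR, LF and NUL can never appear in
# one (CRLF would start a new command), and '"' and '\' must be escaped.
def imap_quoted(str)
  s = str.to_s
  raise ImapInjectionError, "CR/LF/NUL in IMAP argument: #{s.inspect}" if s.match?(/[\r\n\0]/)
  '"' + s.gsub(/["\\]/) { |c| "\\#{c}" } + '"'
end

# Assemble one tagged command line: Symbols become atoms, everything else is quoted.
def build_command(tag, name, *args)
  words = [imap_atom(tag), imap_atom(name)]
  args.each { |a| words << (a.is_a?(Symbol) ? imap_atom(a) : imap_quoted(a)) }
  words.join(" ") + "\r\n"
end

# Returns true when the block raises error_class, false when it completes.
def rejected?(error_class)
  yield
  false
rescue error_class
  true
end

if __FILE__ == $PROGRAM_NAME
  puts build_command("A1", :SELECT, "INBOX")
  puts build_command("A2", :SEARCH, :FROM, 'alice "the boss" <alice@example.com>')
  # Injected second command inside a string argument: rejected, not sent.
  p rejected?(ImapInjectionError) { build_command("A3", :SEARCH, :FROM, "x\r\nA4 DELETE INBOX") }
  # Same attempt via a Symbol (the CVE-2026-42258 vector): rejected.
  p rejected?(ImapInjectionError) { build_command("A5", :"FETCH\r\nA6 NOOP") }
  # Pipe-prefixed "filename" (the Net::FTP localfile vector): rejected.
  p rejected?(UnsafePathError)    { open_local_file("|id") }
end
```

The two checks are deliberately independent of the transport: validating at the point where a string is turned into protocol syntax (or a filename into an open call) is what the upstream fixes for both CVE families amount to, and it is also where a unit test can pin the behaviour.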