Yukihiro Matsumoto
Products
1- 8 CVEs
Recent CVEs
8| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2006-1931 | 0.04 | — | 0.13 | Apr 20, 2006 | The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data. | ||
| CVE-2005-2337 | 0.01 | — | 0.14 | Oct 7, 2005 | Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin). | ||
| CVE-2005-1992 | 0.01 | — | 0.09 | Jun 20, 2005 | The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands. | ||
| CVE-2006-6303 | 0.00 | — | 0.04 | Dec 6, 2006 | The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467. | ||
| CVE-2006-5467 | 0.00 | — | 0.05 | Oct 27, 2006 | The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID. | ||
| CVE-2006-3694 | 0.00 | — | 0.03 | Jul 21, 2006 | Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations". | ||
| CVE-2004-0983 | 0.00 | — | 0.01 | Mar 1, 2005 | The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request. | ||
| CVE-2004-0755 | 0.00 | — | 0.00 | Oct 20, 2004 | The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions. |
- CVE-2006-1931Apr 20, 2006risk 0.04cvss —epss 0.13
The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data.
- CVE-2005-2337Oct 7, 2005risk 0.01cvss —epss 0.14
Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin).
- CVE-2005-1992Jun 20, 2005risk 0.01cvss —epss 0.09
The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands.
- CVE-2006-6303Dec 6, 2006risk 0.00cvss —epss 0.04
The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467.
- CVE-2006-5467Oct 27, 2006risk 0.00cvss —epss 0.05
The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID.
- CVE-2006-3694Jul 21, 2006risk 0.00cvss —epss 0.03
Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".
- CVE-2004-0983Mar 1, 2005risk 0.00cvss —epss 0.01
The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.
- CVE-2004-0755Oct 20, 2004risk 0.00cvss —epss 0.00
The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions.