Vulnerabilities in Ruby
31 results

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2016-2337 | — | Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argumen | 6.2% |
| CVE-2016-2339 | — | An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Functi | 5.1% |
| CVE-2016-2336 | — | Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object | 3.3% |
| CVE-2015-1855 | — | verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does no | 2.8% |
| CVE-2013-6461 | — | Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits | 2.2% |
| CVE-2013-6460 | — | Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents | 2.1% |
| CVE-2024-35176 | MEDIUM | REXML contains a denial of service vulnerability | 2.1% |
| CVE-2011-3624 | — | Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forw | 1.5% |
| CVE-2024-49761 | MEDIUM | REXML ReDoS vulnerability | 1.4% |
| CVE-2024-39908 | MEDIUM | Denial of service in REXML | 1.4% |
| CVE-2024-41123 | MEDIUM | REXML DoS vulnerability | 1.3% |
| CVE-2024-43398 | MEDIUM | REXML denial of service vulnerability | 1.2% |
| CVE-2024-41946 | MEDIUM | REXML DoS vulnerability | 1.2% |
| CVE-2026-42258 | MEDIUM | net-imap: Command Injection via unvalidated Symbol inputs | 0.9% |
| CVE-2025-27788 | HIGH | Ruby JSON Parser has Out-of-bounds Read | 0.7% |
| CVE-2025-25186 | MEDIUM | Net::IMAP vulnerable to possible DoS by memory exhaustion | 0.6% |
| CVE-2026-27820 | LOW | zlib: Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption | 0.6% |
| CVE-2026-33210 | HIGH | Ruby JSON has a format string injection vulnerability | 0.5% |
| CVE-2025-24294 | HIGH | The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompress | 0.5% |
| CVE-2025-61594 | LOW | URI Credential Leakage Bypass over CVE-2025-27221 | 0.5% |