Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

31 – 40 of 57 results

CVE-2018-1000073

Low priority

Some fixes available 4 of 10

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory...

6 affected packages

jruby, ruby1.9.1, ruby2.0, ruby2.1, ruby2.3, ruby2.5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jruby Not affected Not affected Needs evaluation Needs evaluation
ruby1.9.1 Not in release Not in release Not in release Not in release Not in release
ruby2.0 Not in release Not in release Not in release Not in release Not in release
ruby2.1 Not in release Not in release Not in release Not in release Not in release
ruby2.3 Not in release Not in release Not in release Not in release Fixed
ruby2.5 Not in release Not in release Not in release Fixed Not in release
Show less packages

CVE-2017-17405

Medium priority
Fixed

Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character,...

3 affected packages

ruby1.9.1, ruby2.0, ruby2.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.9.1 Not in release
ruby2.0 Not in release
ruby2.3 Fixed
Show less packages

CVE-2017-0903

Medium priority

Some fixes available 3 of 10

RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can...

4 affected packages

jruby, ruby1.9.1, ruby2.0, ruby2.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jruby Not affected Not affected Not affected Vulnerable
ruby1.9.1 Not in release Not in release Not in release Not in release Not in release
ruby2.0 Not in release Not in release Not in release Not in release Not in release
ruby2.3 Not in release Not in release Not in release Not in release Fixed
Show less packages

CVE-2017-10784

Medium priority

Some fixes available 4 of 5

The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary...

3 affected packages

ruby1.9.1, ruby2.0, ruby2.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.9.1 Not in release Not in release
ruby2.0 Not in release Not in release
ruby2.3 Not in release Fixed
Show less packages

CVE-2017-0898

Medium priority

Some fixes available 4 of 5

Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or...

3 affected packages

ruby1.9.1, ruby2.0, ruby2.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.9.1 Not in release Not in release
ruby2.0 Not in release Not in release
ruby2.3 Not in release Fixed
Show less packages

CVE-2014-6438

Low priority
Ignored

The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string.

7 affected packages

ruby1.8, ruby1.9, ruby1.9.1, ruby2.0, ruby2.1...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.8 Not in release
ruby1.9 Not in release
ruby1.9.1 Not in release
ruby2.0 Not in release
ruby2.1 Not in release
ruby2.2 Not in release
ruby2.3 Not affected
Show all 7 packages Show less packages

CVE-2017-14064

Low priority

Some fixes available 4 of 5

Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a...

3 affected packages

ruby1.9.1, ruby2.0, ruby2.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.9.1 Not in release Not in release
ruby2.0 Not in release Not in release
ruby2.3 Not in release Fixed
Show less packages

CVE-2017-0902

Medium priority

Some fixes available 3 of 19

RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.

4 affected packages

jruby, ruby1.9.1, ruby2.0, ruby2.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jruby Needs evaluation Vulnerable Vulnerable Vulnerable
ruby1.9.1 Not in release Not in release Not in release Not in release Not in release
ruby2.0 Not in release Not in release Not in release Not in release Not in release
ruby2.3 Not in release Not in release Not in release Not in release Fixed
Show less packages

CVE-2017-0901

Medium priority

Some fixes available 4 of 20

RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.

4 affected packages

jruby, ruby1.9.1, ruby2.0, ruby2.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jruby Needs evaluation Vulnerable Vulnerable Vulnerable
ruby1.9.1 Not in release Not in release Not in release Not in release Not in release
ruby2.0 Not in release Not in release Not in release Not in release Not in release
ruby2.3 Not in release Not in release Not in release Not in release Fixed
Show less packages

CVE-2017-0900

Negligible priority

Some fixes available 2 of 19

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command.

4 affected packages

jruby, ruby1.9.1, ruby2.0, ruby2.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jruby Needs evaluation Vulnerable Vulnerable Vulnerable
ruby1.9.1 Not in release Not in release Not in release Not in release Not in release
ruby2.0 Not in release Not in release Not in release Not in release Not in release
ruby2.3 Not in release Not in release Not in release Not in release Fixed
Show less packages
  1. Previous page
  2. 2
  3. 3
  4. 4
  5. 5
  6. 6
  7. Next page
Export to JSON