Lucene search
GoogleOSV:DLA-235-1HistoryMay 30, 2015 - 12:00 a.m.
ruby1.9.1 - security update
2015-05-3000:00:00
Google
osv.dev
14
0.029 Low
EPSS
Percentile
90.8%
- CVE-2011-0188
The VpMemAlloc function in bigdecimal.c in the BigDecimal class in
Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7
and other platforms, does not properly allocate memory, which allows
context-dependent attackers to execute arbitrary code or cause a
denial of service (application crash) via vectors involving creation
of a large BigDecimal value within a 64-bit process, related to an
βinteger truncation issue.β - CVE-2011-2705
use upstream SVN r32050 to modify PRNG state to prevent random number
sequence repeatation at forked child process which has same pid.
Reported by Eric Wong. - CVE-2012-4522
The rb_get_path_check function in file.c in Ruby 1.9.3 before
patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent
attackers to create files in unexpected locations or with unexpected
names via a NUL byte in a file path. - CVE-2013-0256
darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before
4.0.0.preview2.1, as used in Ruby, does not properly generate
documents, which allows remote attackers to conduct cross-site
scripting (XSS) attacks via a crafted URL. - CVE-2013-2065
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426,
and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for
native functions, which allows context-dependent attackers to bypass
intended $SAFE level restrictions. - CVE-2015-1855
OpenSSL extension hostname matching implementation violates RFC 6125
| CPE | Name | Operator | Version |
|---|---|---|---|
| ruby1.9.1 | eq | 1.9.2.0-2 | |
| ruby1.9.1 | eq | 1.9.2.0-2+armhf |
References
Related
nessus
nessus
Debian DLA-235-1 : ruby1.9.1 security update
2015-06-01 00:00:00
Fedora 17 : ruby-1.9.3.286-18.fc17 (2012-16086)
2012-10-22 00:00:00
Fedora 18 : ruby-1.9.3.286-19.fc18 (2012-16071)
2012-10-18 00:00:00
debian
debian
[SECURITY] [DLA 235-1] ruby1.9.1 security update
2015-05-30 20:45:15
[SECURITY] [DLA 224-1] ruby1.8 security update
2015-05-18 21:57:18
[SECURITY] [DSA 3246-1] ruby1.9.1 security update
2015-05-02 11:20:09
openvas
openvas
Debian: Security Advisory (DLA-235-1)
2023-03-08 00:00:00
Ruby Random Number Values Information Disclosure Vulnerability
2011-08-29 00:00:00
Fedora Update for ruby FEDORA-2013-8411
2013-05-31 00:00:00
prion
prion
Design/Logic Flaw
2011-08-05 21:55:00
Code injection
2013-11-02 19:55:00
Cross site scripting
2013-03-01 05:40:00
nvd
nvd
cvelist
cvelist
fedora
fedora
[SECURITY] Fedora 17 Update: ruby-1.9.3.429-30.fc17
2013-05-30 02:56:37
[SECURITY] Fedora 18 Update: ruby-1.9.3.429-30.fc18
2013-05-30 03:09:30
[SECURITY] Fedora 18 Update: ruby-1.9.3.286-19.fc18
2012-10-18 03:50:20
oraclelinux
oraclelinux
ruby security, bug fix, and enhancement update
2011-12-14 00:00:00
ruby security and bug fix update
2013-01-11 00:00:00
freebsd
freebsd
ruby -- Object taint bypassing in DL and Fiddle in Ruby
2013-05-14 00:00:00
Ruby -- XSS exploit of RDoc documentation generated by rdoc
2013-02-06 00:00:00
cve
cve
veracode
veracode
Information Leakage
2020-04-10 01:07:07
Cross-Site Scripting (XSS) In Darkfish.js
2019-01-15 08:51:23
Arbitrary Code Execution
2020-04-10 00:59:04
ubuntucve
ubuntucve
seebug
seebug
Ruby ζ¬ε°ζδ»Άεε»ΊζΌζ΄(CVE-2012-4522)
2012-10-23 00:00:00
slackware
slackware
ruby
2013-05-16 15:44:50
hackerone
hackerone
Ruby: XSS exploit of RDoc documentation generated by rdoc
2021-08-27 12:35:33
Ruby: XSS exploit of RDoc documentation generated by rdoc (CVE-2013-0256)
2023-05-08 13:58:42
github
github
RDoc contains XSS vulnerability
2017-10-24 18:33:37
amazon
amazon
osv
osv
RDoc contains XSS vulnerability
2017-10-24 18:33:37
ruby2.1 - security update
2015-05-02 00:00:00
ruby1.9.1 - security update
2015-05-02 00:00:00
redhat
redhat
(RHSA-2013:0728) Moderate: rubygem packages security update
2013-04-09 00:00:00
(RHSA-2011:1581) Low: ruby security, bug fix, and enhancement update
2011-12-06 00:00:00
securityvulns
securityvulns
Ruby SSL checks bypass
2015-05-04 00:00:00
[ MDVSA-2015:224 ] ruby
2015-05-04 00:00:00
[USN-2035-1] Ruby vulnerabilities
2013-12-01 00:00:00
archlinux
archlinux
ruby: permissive certificate verification
2015-04-14 00:00:00
mageia
mageia
Updated ruby packages fix CVE-2015-1855
2015-05-03 03:19:16
alpinelinux
alpinelinux
CVE-2015-1855
2019-11-29 21:15:10
rubygems
rubygems
CVE-2012-4522 ruby: unintentional file creation caused by inserting an illegal NUL character
2012-10-11 20:00:00
CVE-2013-0256 rubygem-rdoc: Cross-site scripting in the documentation created by Darkfish Rdoc HTML generator / template
2013-02-05 20:00:00
CVE-2013-2065 Ruby: Object taint bypassing in DL and Fiddle
2013-05-13 20:00:00
ubuntu
ubuntu
Ruby vulnerabilities
2012-02-28 00:00:00
Ruby vulnerabilities
2013-11-27 00:00:00
Ruby vulnerabilities
2012-10-23 00:00:00
suse
suse
Security update for Ruby 1.9 (important)
2013-04-09 19:05:05
cloudfoundry
cloudfoundry
CVE-2015-1855 Ruby OpenSSL Hostname Verification | Cloud Foundry
2015-04-30 00:00:00