Total
8 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-6303 | 1 Yukihiro Matsumoto | 1 Ruby | 2024-02-28 | 5.0 MEDIUM | N/A |
The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467. | |||||
CVE-2006-5467 | 1 Yukihiro Matsumoto | 1 Ruby | 2024-02-28 | 5.0 MEDIUM | N/A |
The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID. | |||||
CVE-2004-0983 | 4 Gentoo, Mandrakesoft, Ubuntu and 1 more | 5 Linux, Mandrake Linux, Mandrake Linux Corporate Server and 2 more | 2024-02-28 | 5.0 MEDIUM | N/A |
The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request. | |||||
CVE-2006-1931 | 1 Yukihiro Matsumoto | 1 Ruby | 2024-02-28 | 5.0 MEDIUM | N/A |
The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data. | |||||
CVE-2006-3694 | 1 Yukihiro Matsumoto | 1 Ruby | 2024-02-28 | 6.4 MEDIUM | N/A |
Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations". | |||||
CVE-2005-2337 | 1 Yukihiro Matsumoto | 1 Ruby | 2024-02-28 | 7.5 HIGH | N/A |
Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin). | |||||
CVE-2005-1992 | 1 Yukihiro Matsumoto | 1 Ruby | 2024-02-28 | 7.5 HIGH | N/A |
The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands. | |||||
CVE-2004-0755 | 1 Yukihiro Matsumoto | 1 Ruby | 2024-02-28 | 2.1 LOW | N/A |
The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions. |