Filtered by vendor Yukihiro Matsumoto
Filtered by product Ruby
Total: 8 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2006-6303 | 2 Redhat, Yukihiro Matsumoto | 2 Enterprise Linux, Ruby | 2024-11-21 | N/A | The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467. |
CVE-2006-5467 | 2 Redhat, Yukihiro Matsumoto | 2 Enterprise Linux, Ruby | 2024-11-21 | N/A | The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID. |
CVE-2006-3694 | 2 Redhat, Yukihiro Matsumoto | 2 Enterprise Linux, Ruby | 2024-11-21 | N/A | Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations". |
CVE-2006-1931 | 2 Redhat, Yukihiro Matsumoto | 2 Enterprise Linux, Ruby | 2024-11-21 | N/A | The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data. |
CVE-2005-2337 | 2 Redhat, Yukihiro Matsumoto | 2 Enterprise Linux, Ruby | 2024-11-20 | N/A | Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin). |
CVE-2005-1992 | 2 Redhat, Yukihiro Matsumoto | 2 Enterprise Linux, Ruby | 2024-11-20 | N/A | The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands. |
CVE-2004-0983 | 5 Gentoo, Mandrakesoft, Redhat and 2 more | 6 Linux, Mandrake Linux, Mandrake Linux Corporate Server and 3 more | 2024-11-20 | N/A | The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request. |
CVE-2004-0755 | 2 Redhat, Yukihiro Matsumoto | 2 Enterprise Linux, Ruby | 2024-11-20 | N/A | The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions. |