Max CVSS | 9.3 | Min CVSS | 5.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published |
CVE-2017-0903 | 7.5 | RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalat | 09-10-2019 - 23:21 | 11-10-2017 - 18:29 |
CVE-2017-14033 | 5.0 | The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string. | 31-10-2018 - 10:29 | 19-09-2017 - 17:29 |
CVE-2017-10784 | 9.3 | The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted | 31-10-2018 - 10:29 | 19-09-2017 - 17:29 |
CVE-2017-0898 | 6.4 | Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precision specifier (*) with a huge minus value. Such a situation can lead to a buffer overrun, resulting in a heap memory corruption or an information discl | 15-07-2018 - 01:29 | 15-09-2017 - 19:29 |