SMTP command injection in Net::SMTP via CRLF sequences in an RCPT TO
or MAIL FROM command.
CVE-2016-2339
Exploitable heap overflow in Fiddle::Function.new.
CVE-2016-7798
Incorrect handling of initialization vector in the GCM mode in the
OpenSSL extension.
CVE-2017-0898
Buffer underrun vulnerability in Kernel.sprintf.
CVE-2017-0899
ANSI escape sequence vulnerability in RubyGems.
CVE-2017-0900
DoS vulnerability in the RubyGems query command.
CVE-2017-0901
The gem installer allowed a malicious gem to overwrite arbitrary files.
CVE-2017-0902
RubyGems DNS request hijacking vulnerability.
CVE-2017-0903
Max Justicz reported that RubyGems is prone to an unsafe object
deserialization vulnerability. When parsed by an application which
processes gems, a specially crafted YAML formatted gem specification
can lead to remote code execution.
CVE-2017-10784
Yusuke Endoh discovered an escape sequence injection vulnerability in