Yukihiro Matsumoto

yukihiro_matsumoto

8 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2006-6303 1Yukihiro Matsumoto 1Ruby Apr 23, 2026 Dec 6, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP req...Show more The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467.Show less
CVE-2006-5467 1Yukihiro Matsumoto 1Ruby Apr 23, 2026 Oct 27, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as...Show more The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID.Show less
CVE-2006-3694 1Yukihiro Matsumoto 1Ruby Apr 16, 2026 Jul 21, 2006 N/A· v4 N/A· v3 6.4 MEDIUM· v2 Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".
CVE-2006-1931 1Yukihiro Matsumoto 1Ruby Apr 16, 2026 Apr 20, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data.
CVE-2005-2337 1Yukihiro Matsumoto 1Ruby Apr 16, 2026 Oct 7, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standar...Show more Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin).Show less
CVE-2005-1992 1Yukihiro Matsumoto 1Ruby Apr 16, 2026 Jun 20, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands.
CVE-2004-0983 4Gentoo MandrakesoftUbuntu+1 more 5Linux Mandrake LinuxMandrake Linux Corporate Server+2 more Apr 16, 2026 Mar 1, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.
CVE-2004-0755 1Yukihiro Matsumoto 1Ruby Apr 16, 2026 Oct 20, 2004 N/A· v4 N/A· v3 2.1 LOW· v2 The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions.