GCVE - cpe:2.3:a:ruby-lang:ruby:1.9.1:-p376:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ruby-lang:ruby:1.9.1:-p376:*:*:*:*:*:*

part: a version: 1.9.1 update: -p376

Vendor	Ruby Lang (`5813a634-c286-5f1d-90d5-a1a352f78d39`)
Product	Ruby (`48f7c14c-c576-5b15-be87-22eeb9add91e`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/ruby/ruby`	purl2cpe	2026-06-01 10:11:45.570329
`pkg:ruby-lang/ruby`	purl2cpe	2026-06-01 10:11:45.570331

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2011-2705`	vulnerable	2026-06-03 14:31:09.980085	Details available The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID. Published: 2011-08-05T21:00:00.000Z Updated: 2024-08-06T23:08:23.972Z Open on db.gcve.eu Reference links http://www.openwall.com/lists/oss-security/2011/07/12/14 http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released/ https://bugzilla.redhat.com/show_bug.cgi?id=722415 http://www.openwall.com/lists/oss-security/2011/07/20/16 http://www.redhat.com/support/errata/RHSA-2011-1581.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-0188`	vulnerable	2026-06-03 14:30:47.741089	Details available The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue." Published: 2011-03-23T01:00:00.000Z Updated: 2024-08-06T21:43:15.487Z Open on db.gcve.eu Reference links http://www.redhat.com/support/errata/RHSA-2011-0910.html http://www.securitytracker.com/id?1025236 http://www.mandriva.com/security/advisories?name=MDVSA-2011:098 http://www.redhat.com/support/errata/RHSA-2011-0909.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-2489`	vulnerable	2026-06-03 14:30:25.699217	Details available Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow local users to gain privileges via a crafted ARGF.inplace_mode value that is not properly handled when constructing the filenames of the backup files. Published: 2010-07-09T19:00:00.000Z Updated: 2024-08-07T02:32:16.763Z Open on db.gcve.eu Reference links http://www.osvdb.org/66040 http://www.openwall.com/lists/oss-security/2010/07/02/10 http://secunia.com/advisories/40442 https://exchange.xforce.ibmcloud.com/vulnerabilities/60135 http://www.openwall.com/lists/oss-security/2010/07/02/1	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.