Lucene search
+L

156 matches found

seebug.org
seebug.org
added 2014/07/01 12:0 a.m.19 views

Ruby <= 1.9 Safe Level Multiple Function Restriction Bypass

No description provided by source. source: http://www.securityfocus.com/bid/30644/info Ruby is prone to multiple vulnerabilities that can be leveraged to bypass security restrictions or cause a denial of service: - Multiple security-bypass vulnerabilities occur because of errors in the 'safe leve...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.36 views

openSUSE Security Update : ruby / ruby19 (openSUSE-SU-2012:1443-1)

This update of ruby fixed multiple SAFE level bypass flaws. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-763. The text description of this plugin is C SUSE LLC...

5CVSS7.7AI score0.02619EPSS
Exploits1References5
NVD
NVD
added 2013/11/02 7:55 p.m.23 views

CVE-2013-2065

1 DL and 2 Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions...

6.4CVSS6.4AI score0.0251EPSS
Exploits1References7
Prion
Prion
added 2013/11/02 7:55 p.m.24 views

Code injection

1 DL and 2 Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions...

6.4CVSS6.8AI score0.0251EPSS
Exploits1References7Affected Software2
Cvelist
Cvelist
added 2013/11/02 7:0 p.m.32 views

CVE-2013-2065

1 DL and 2 Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions...

5.5AI score0.0251EPSS
Exploits1References7
UbuntuCve
UbuntuCve
added 2013/11/02 12:0 a.m.27 views

CVE-2013-2065

1 DL and 2 Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions...

6.4CVSS7.1AI score0.0251EPSS
Exploits1References4
Amazon
Amazon
added 2013/09/26 12:0 a.m.58 views

Low: ruby19

Issue Overview: 1 DL and 2 Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions. Affected Packages: ruby19 Issue Correction: Run...

6.4CVSS8.4AI score0.0251EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2013/09/04 12:0 a.m.30 views

Amazon Linux AMI : ruby (ALAS-2013-173)

It was discovered that Ruby's REXML library did not properly restrict XML entity expansion. An attacker could use this flaw to cause a denial of service by tricking a Ruby application using REXML to read text nodes from specially crafted XML content, which will result in REXML consuming large...

5CVSS8.3AI score0.06671EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.34 views

Oracle Linux 3 : ruby (ELSA-2008-0896)

From Red Hat Security Advisory 2008:0896 : Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for...

7.5CVSS6.5AI score0.15678EPSS
Exploits4References4
RubySec
RubySec
added 2013/05/14 12:0 a.m.30 views

CVE-2013-2065 Ruby: Object taint bypassing in DL and Fiddle

1 DL and 2 Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions...

6.4CVSS5.7AI score0.0251EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2013/05/02 2:55 p.m.25 views

CVE-2012-4481

The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameErrortos method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005...

4.3CVSS6.5AI score0.01941EPSS
Exploits0References6
Prion
Prion
added 2013/05/02 2:55 p.m.28 views

Design/Logic Flaw

The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameErrortos method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005...

4.3CVSS6.4AI score0.02772EPSS
Exploits2References6Affected Software1
CVE
CVE
added 2013/05/02 2:0 p.m.92 views

CVE-2012-4481

CVE-2012-4481 affects Ruby 1.8.x where the safe-level feature allows context-dependent attackers to modify strings via NameError#to_s, noted as a follow-up to an incomplete fix for CVE-2011-1005. Connected advisories show affected Ruby 1.8.5/1.8.7 variants in MiracleLinux and EulerOS environments...

4.3CVSS5.7AI score0.01941EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2013/05/02 2:0 p.m.30 views

CVE-2012-4481

The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameErrortos method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005...

6.6AI score0.01941EPSS
Exploits0References6
NVD
NVD
added 2013/04/25 11:55 p.m.35 views

CVE-2012-4464

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the 1 exctos or 2 nameerrtos API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE:...

5CVSS6.6AI score0.0218EPSS
Exploits0References7
Prion
Prion
added 2013/04/25 11:55 p.m.23 views

Design/Logic Flaw

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the 1 exctos or 2 nameerrtos API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE:...

5CVSS6.6AI score0.02772EPSS
Exploits2References7Affected Software1
Cvelist
Cvelist
added 2013/04/25 11:0 p.m.43 views

CVE-2012-4464

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the 1 exctos or 2 nameerrtos API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE:...

6.7AI score0.0218EPSS
Exploits0References7
CVE
CVE
added 2013/04/25 11:0 p.m.99 views

CVE-2012-4464

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 are vulnerable to a context-dependent taint bypass via exc_to_s or name_err_to_s in the exception-to-string paths, allowing modification of untainted strings and bypassing safe-level restrictions (distinct from CVE-2012-4466). Root c...

5CVSS5.8AI score0.0218EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2013/04/25 11:0 p.m.33 views

CVE-2012-4466

Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the nameerrmesgtostr API function, which marks the string as tainted, a different vulnerability than...

6.7AI score0.02619EPSS
Exploits1References9
CVE
CVE
added 2013/04/25 11:0 p.m.101 views

CVE-2012-4466

CVE-2012-4466 affects Ruby 1.8.7 before patchlevel 371, Ruby 1.9.3 before patchlevel 286, and Ruby 2.0 before revision r37068. The issue allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via name_err_mesg_to_str, tainting handling for strings. This ...

5CVSS5.8AI score0.02619EPSS
Exploits1References9Affected Software1
Rows per page
Query Builder