Lucene search
K

156 matches found

Amazon
Amazon
added 2013/03/14 12:0 a.m.51 views

Medium: ruby

Issue Overview: It was discovered that Ruby's REXML library did not properly restrict XML entity expansion. An attacker could use this flaw to cause a denial of service by tricking a Ruby application using REXML to read text nodes from specially-crafted XML content, which will result in REXML...

5CVSS8.7AI score0.06671EPSS
Exploits2References1
Cent OS
Cent OS
added 2013/03/09 12:47 a.m.73 views

ruby security update

CentOS Errata and Security Advisory CESA-2013:0612 Updated ruby packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores...

5CVSS7.3AI score0.06671EPSS
Exploits2References7
Tenable Nessus
Tenable Nessus
added 2013/03/08 12:0 a.m.38 views

RHEL 6 : ruby (RHSA-2013:0612)

Updated ruby packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are availab...

5CVSS8.2AI score0.06671EPSS
Exploits2References6
Tenable Nessus
Tenable Nessus
added 2013/03/08 12:0 a.m.26 views

Scientific Linux Security Update : ruby on SL6.x i386/x86_64 (20130307)

It was discovered that Ruby's REXML library did not properly restrict XML entity expansion. An attacker could use this flaw to cause a denial of service by tricking a Ruby application using REXML to read text nodes from specially crafted XML content, which will result in REXML consuming large...

5CVSS8.3AI score0.06671EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2013/02/28 6:53 p.m.4 views

1.9.3: Possibility to bypass Ruby's $SAFE (level 4) semantics

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the 1 exctos or 2 nameerrtos API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE:...

5CVSS7.2AI score0.0218EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/02/28 6:53 p.m.5 views

ruby: safe level bypass via name_err_mesg_to_str()

Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the nameerrmesgtostr API function, which marks the string as tainted, a different vulnerability than...

5CVSS7.2AI score0.02619EPSS
Exploits1References4
Cent OS
Cent OS
added 2013/01/09 8:36 p.m.63 views

ruby security update

CentOS Errata and Security Advisory CESA-2013:0129 Updated ruby packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS...

5CVSS7.2AI score0.02772EPSS
Exploits3References7
RedHat Linux
RedHat Linux
added 2013/01/08 4:31 a.m.5 views

ruby: Incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects

The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameErrortos method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005...

5CVSS7.3AI score0.02772EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2013/01/08 12:0 a.m.6 views

PT-2013-1678 · Ruby +3 · Ruby +3

Name of the Vulnerable Software and Affected Versions: Ruby version 1.8.7 Description: The safe-level feature in Ruby allows context-dependent attackers to modify strings via the NameErrorto s method when operating on Ruby objects. Recommendations: For Ruby version 1.8.7, at the moment, there is ...

6.8CVSS6.8AI score0.34968EPSS
Exploits4References36
Amazon
Amazon
added 2012/10/23 12:0 a.m.45 views

Medium: ruby

Issue Overview: Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the nameerrmesgtostr API function, which marks the string as tainted, a different...

5CVSS8.5AI score0.02772EPSS
Exploits2
RubySec
RubySec
added 2012/10/12 12:0 a.m.43 views

Ruby Exception#to_s / NameError#to_s Methods Safe Level Security Bypass

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the 1 exctos or 2 nameerrtos API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE:...

5CVSS4.9AI score0.02619EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2012/10/12 12:0 a.m.38 views

Ruby name_err_mesg_to_str Method Safe Level Security Bypass

Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the nameerrmesgtostr API function, which marks the string as tainted, a different vulnerability than...

5CVSS5.2AI score0.02619EPSS
Exploits1References1Affected Software1
UbuntuCve
UbuntuCve
added 2012/10/05 12:0 a.m.48 views

CVE-2012-4481

The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameErrortos method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005...

4.3CVSS5.9AI score0.01941EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2012/10/03 12:0 a.m.28 views

CVE-2012-4464

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the 1 exctos or 2 nameerrtos API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE:...

5CVSS7.1AI score0.0218EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2012/10/03 12:0 a.m.30 views

CVE-2012-4466

Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the nameerrmesgtostr API function, which marks the string as tainted, a different vulnerability than...

5CVSS7.1AI score0.02619EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.34 views

Scientific Linux Security Update : ruby on SL3.x, SL4.x, SL5.x i386/x86_64

The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs and a fixed source port when sending DNS requests. A remote attacker could use this flaw to spoof a malicious reply to a DNS query. CVE-2008-3905 Ruby's XML document parsing module REXML was prone to a denial of service...

7.8CVSS6.7AI score0.70202EPSS
Exploits9References7
OpenVAS
OpenVAS
added 2011/07/08 12:0 a.m.27 views

RedHat Update for ruby RHSA-2011:0909-01

Check for the Version of ruby OpenVAS Vulnerability Test RedHat Update for ruby RHSA-2011:0909-01 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

6.8CVSS0.1AI score0.15684EPSS
Exploits4References2
OpenVAS
OpenVAS
added 2011/07/08 12:0 a.m.27 views

RedHat Update for ruby RHSA-2011:0908-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

7.5CVSS7.2AI score0.15684EPSS
Exploits4References2
RedHat Linux
RedHat Linux
added 2011/06/28 5:30 p.m.6 views

Ruby: Untrusted codes able to modify arbitrary strings

The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exceptiontos method, as demonstrated by changing an intended pathname...

5CVSS7.4AI score0.02772EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2011/06/28 5:27 p.m.7 views

Ruby: Untrusted codes able to modify arbitrary strings

The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exceptiontos method, as demonstrated by changing an intended pathname...

5CVSS7.4AI score0.02772EPSS
Exploits2References4
Rows per page
Query Builder