25 matches found

Veracode
added 2019/05/02 4:45 a.m. | 38 views

Arbitrary Code Execution

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. It was found that certain methods did not sanitize file names before passing them to lower layer routines in Ruby. If a Ruby application created files...

5 CVSS | 6.6 AI score | 0.02772 EPSS
Exploits 3 | References 11 | Affected Software 36

OpenVAS
added 2015/09/08 12:0 a.m. | 28 views

Amazon Linux: Security Advisory (ALAS-2013-173)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5 CVSS | 6.9 AI score | 0.06671 EPSS
Exploits 2 | References 2

Tenable Nessus
added 2015/01/19 12:0 a.m. | 30 views

Oracle Solaris Third-Party Patch Update : ruby (cve_2013_4073_cryptographic_issues)

The remote Solaris system is missing necessary patches to address security updates: - The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an...

6.8 CVSS | 7.6 AI score | 0.05741 EPSS
Exploits 6 | References 6

Tenable Nessus
added 2013/09/04 12:0 a.m. | 29 views

Amazon Linux AMI : ruby (ALAS-2013-173)

It was discovered that Ruby's REXML library did not properly restrict XML entity expansion. An attacker could use this flaw to cause a denial of service by tricking a Ruby application using REXML to read text nodes from specially crafted XML content, which will result in REXML consuming large...

5 CVSS | 8.3 AI score | 0.06671 EPSS
Exploits 2 | References 4

Cvelist
added 2013/05/02 2:0 p.m. | 29 views

CVE-2012-4481

The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005...

6.6 AI score | 0.01941 EPSS
Exploits 0 | References 6

CVE
added 2013/05/02 2:0 p.m. | 90 views

CVE-2012-4481

CVE-2012-4481 affects Ruby 1.8.x where the safe-level feature allows context-dependent attackers to modify strings via NameError#to_s, noted as a follow-up to an incomplete fix for CVE-2011-1005. Connected advisories show affected Ruby 1.8.5/1.8.7 variants in MiracleLinux and EulerOS environments...

4.3 CVSS | 5.7 AI score | 0.01941 EPSS
Exploits 0 | References 6 | Affected Software 1

Tenable Nessus
added 2013/04/20 12:0 a.m. | 31 views

Mandriva Linux Security Advisory : ruby (MDVSA-2013:124)

Updated ruby packages fix security vulnerabilities: Shugo Maedo and Vit Ondruch discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions (CVE-2012-4466, CVE-2012-4481). It was...

5 CVSS | 8 AI score | 0.06671 EPSS
Exploits 1 | References 3

Amazon
added 2013/03/14 12:0 a.m. | 50 views

Medium: ruby

Issue Overview: It was discovered that Ruby's REXML library did not properly restrict XML entity expansion. An attacker could use this flaw to cause a denial of service by tricking a Ruby application using REXML to read text nodes from specially-crafted XML content, which will result in REXML...

5 CVSS | 8.7 AI score | 0.06671 EPSS
Exploits 2 | References 1

OpenVAS
added 2013/03/12 12:0 a.m. | 31 views

CentOS Update for ruby CESA-2013:0612 centos6

Check for the Version of ruby OpenVAS Vulnerability Test CentOS Update for ruby CESA-2013:0612 centos6 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

5 CVSS | 6.9 AI score | 0.06671 EPSS
Exploits 2 | References 2

Tenable Nessus
added 2013/03/10 12:0 a.m. | 39 views

CentOS 6 : ruby (CESA-2013:0612)

Updated ruby packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are availab...

5 CVSS | 8.2 AI score | 0.06671 EPSS
Exploits 2 | References 3

OpenVAS
added 2013/03/08 12:0 a.m. | 24 views

RedHat Update for ruby RHSA-2013:0612-01

Check for the Version of ruby OpenVAS Vulnerability Test RedHat Update for ruby RHSA-2013:0612-01 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

5 CVSS | 6.9 AI score | 0.06671 EPSS
Exploits 2 | References 2

Tenable Nessus
added 2013/03/08 12:0 a.m. | 38 views

RHEL 6 : ruby (RHSA-2013:0612)

Updated ruby packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are availab...

5 CVSS | 8.2 AI score | 0.06671 EPSS
Exploits 2 | References 6

Tenable Nessus
added 2013/03/08 12:0 a.m. | 26 views

Scientific Linux Security Update : ruby on SL6.x i386/x86_64 (20130307)

It was discovered that Ruby's REXML library did not properly restrict XML entity expansion. An attacker could use this flaw to cause a denial of service by tricking a Ruby application using REXML to read text nodes from specially crafted XML content, which will result in REXML consuming large...

5 CVSS | 8.3 AI score | 0.06671 EPSS
Exploits 2 | References 4

RedHat Linux
added 2013/03/07 6:53 p.m. | 45 views

Moderate: Red Hat Security Advisory: ruby security update

Updated ruby packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are availab...

5 CVSS | 7.3 AI score | 0.06671 EPSS
Exploits 2 | References 4

OpenVAS
added 2013/01/21 12:0 a.m. | 34 views

CentOS Update for ruby CESA-2013:0129 centos5

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

5 CVSS | 7.8 AI score | 0.02772 EPSS
Exploits 3 | References 2

OpenVAS
added 2013/01/11 12:0 a.m. | 31 views

RedHat Update for ruby RHSA-2013:0129-01

Check for the Version of ruby OpenVAS Vulnerability Test RedHat Update for ruby RHSA-2013:0129-01 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

5 CVSS | 6.5 AI score | 0.02772 EPSS
Exploits 3 | References 2

OpenVAS
added 2013/01/11 12:0 a.m. | 34 views

RedHat Update for ruby RHSA-2013:0129-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

5 CVSS | 7 AI score | 0.02772 EPSS
Exploits 3 | References 2

Oracle linux
added 2013/01/11 12:0 a.m. | 44 views

ruby security and bug fix update

1.8.5-27 - unintentional file creation caused by inserting an illegal NUL character ruby-1.8.6-CVE-2012-4522-io.c-pipeopen-command-name-should-not-contain-null-.patch - Related: rhbz867750 1.8.5-26 - escaping vulnerability about Exception#to_s / NameError#to_s ruby-1.8.7-p371-CVE-2012-4481.patch -...

5 CVSS | 0.9 AI score | 0.02204 EPSS
Exploits 1

OpenVAS
added 2012/10/31 12:0 a.m. | 34 views

Ubuntu Update for ruby1.8 USN-1603-2

Ubuntu Update for Linux kernel vulnerabilities USN-1603-2 OpenVAS Vulnerability Test $Id: gbubuntuUSN16032.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for ruby1.8 USN-1603-2 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...

5 CVSS | 6 AI score | 0.02619 EPSS
Exploits 1 | References 2

Ubuntu
added 2012/10/23 12:1 a.m. | 65 views

USN-1603-2: Ruby vulnerabilities

USN-1603-1 fixed vulnerabilities in Ruby. This update provides the corresponding updates for Ubuntu 12.10. Original advisory details: Shugo Maedo and Vit Ondruch discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to...

5 CVSS | 8 AI score | 0.02619 EPSS
Exploits 1