CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

783 matches found

CNVD•added 2018/04/19 12:0 a.m.•1 views

mruby integer overflow vulnerability

mruby is a lightweight implementation of the Ruby language. An integer overflow vulnerability exists in the 'mrbvmexec' function in src/vm.c in mruby 1.4.0 and earlier. An attacker can exploit this vulnerability to execute arbitrary code memory misreference...

9.8CVSS8AI score0.01293EPSS

Exploits1References1

UbuntuCve•added 2018/04/18 3:29 p.m.•25 views

CVE-2018-10199

In versions of mruby up to and including 1.4.0, a use-after-free vulnerability exists in src/io.c::Fileinitilializecopy. An attacker that can cause Ruby code to be run can possibly use this to execute arbitrary code...

9.8CVSS7.2AI score0.01443EPSS

Exploits0References3

OSV•added 2018/04/18 3:29 p.m.•1 views

UBUNTU-CVE-2018-10199

9.8CVSS7.5AI score0.01443EPSS

Exploits0References4

Prion•added 2018/04/18 3:29 p.m.•10 views

Design/Logic Flaw

7.5CVSS9.7AI score0.01443EPSS

Exploits0References2Affected Software1

OSV•added 2018/04/18 3:29 p.m.•1 views

DEBIAN-CVE-2018-10199

9.8CVSS7.8AI score0.01443EPSS

Exploits0References1

NVD•added 2018/04/18 3:29 p.m.•8 views

CVE-2018-10199

9.8CVSS9.8AI score0.01443EPSS

Exploits0References2

Cvelist•added 2018/04/18 3:0 p.m.•12 views

CVE-2018-10199

9.8AI score0.01443EPSS

Exploits0References2

CVE•added 2018/04/18 3:0 p.m.•47 views

CVE-2018-10199

CVE-2018-10199 affects mruby up to and including 1.4.0. The use-after-free occurs in src/io.c::File#initilialize_copy() and can allow an attacker who can trigger Ruby code execution to potentially run arbitrary code. The available documents consistently describe the vulnerability in this MRuby ve...

9.8CVSS9.7AI score0.01443EPSS

Exploits0References2Affected Software1

Debian CVE•added 2018/04/18 3:0 p.m.•18 views

CVE-2018-10199

9.8CVSS9.8AI score0.01443EPSS

Exploits0

RubySec•added 2018/04/18 12:0 a.m.•14 views

Use after free in File#initilialize_copy

9.8CVSS7.6AI score0.01443EPSS

Exploits0References1Affected Software1

OSV•added 2018/04/17 9:29 p.m.•14 views

CVE-2018-10191

In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrbvmexec when handling OPGETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. An attacker that can cause Ruby code to be run can use this to possibly execute arbitrary code...

9.8CVSS9.9AI score

Exploits0References3

OSV•added 2018/04/17 9:29 p.m.•1 views

UBUNTU-CVE-2018-10191

9.8CVSS7.5AI score0.01293EPSS

Exploits1References4

Prion•added 2018/04/17 9:29 p.m.•15 views

Integer overflow

7.5CVSS9.7AI score0.01293EPSS

Exploits1References3Affected Software2

OSV•added 2018/04/17 9:29 p.m.•1 views

DEBIAN-CVE-2018-10191

9.8CVSS9.1AI score0.01293EPSS

Exploits1References1

NVD•added 2018/04/17 9:29 p.m.•11 views

CVE-2018-10191

9.8CVSS9.8AI score0.01293EPSS

Exploits1References3

UbuntuCve•added 2018/04/17 9:29 p.m.•27 views

CVE-2018-10191

9.8CVSS7.5AI score0.01293EPSS

Exploits1References3

CVE•added 2018/04/17 9:0 p.m.•71 views

CVE-2018-10191

CVE-2018-10191 affects mruby up to version 1.4.0, where an integer overflow in src/vm.c::mrb_vm_exec() during OP_GETUPVAR with deep scope nesting leads to a use-after-free. This can enable arbitrary code execution if Ruby code is run. Public details in connected sources confirm the issue and indi...

9.8CVSS9.7AI score0.01293EPSS

Exploits1References3Affected Software1

Cvelist•added 2018/04/17 9:0 p.m.•15 views

CVE-2018-10191

9.8AI score0.01293EPSS

Exploits1References3

Debian CVE•added 2018/04/17 9:0 p.m.•26 views

CVE-2018-10191

9.8CVSS9.8AI score0.01293EPSS

Exploits1

RubySec•added 2018/04/17 12:0 a.m.•21 views

Use after free caused by integer overflow in environment stack