
15 matches found

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2012-4410

Malware in sbrugna...

CVSS 4.3 · AI score 6 · EPSS 0.00488
Exploits 1 · References 12
SUSE CVE
added 2023/02/15 5:44 a.m. · 1 views

SUSE CVE-2012-4481

The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005...

CVSS 4.3 · AI score 6.7 · EPSS 0.00488
Exploits 1 · References 7
Tenable Nessus
added 2013/07/12 12:0 a.m. · 32 views

Oracle Linux 6 : ruby (ELSA-2013-0612)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-0612 advisory. - escaping vulnerability about Exception#to_s / NameError#to_s ruby-1.8.7-p371-CVE-2012-4481.patch - Related: rhbz#915379 Tenable has extracted the precedin...

CVSS 5 · AI score 8.3 · EPSS 0.25732
Exploits 1 · References 3
NVD
added 2013/05/02 2:55 p.m. · 17 views

CVE-2012-4481

The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005...

CVSS 4.3 · AI score 6.5 · EPSS 0.00488
Exploits 1 · References 6
Prion
added 2013/05/02 2:55 p.m. · 24 views

Design/Logic Flaw

The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005...

CVSS 4.3 · AI score 6.4 · EPSS 0.02121
Exploits 2 · References 6 · Affected Software 1
CVE
added 2013/05/02 2:0 p.m. · 84 views

CVE-2012-4481

CVE-2012-4481 affects Ruby 1.8.x where the safe-level feature allows context-dependent attackers to modify strings via NameError#to_s, noted as a follow-up to an incomplete fix for CVE-2011-1005. Connected advisories show affected Ruby 1.8.5/1.8.7 variants in MiracleLinux and EulerOS environments...

CVSS 4.3 · AI score 5.7 · EPSS 0.00488
Exploits 1 · References 6 · Affected Software 1
Cvelist
added 2013/05/02 2:0 p.m. · 23 views

CVE-2012-4481

The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005...

AI score 6.6 · EPSS 0.00488
Exploits 1 · References 6
RedHat Linux
added 2013/03/07 6:53 p.m. · 1 views

ruby: Incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects

The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005...

CVSS 5 · AI score 7.4 · EPSS 0.02121
Exploits 2 · References 4
RedHat Linux
added 2013/01/08 4:31 a.m. · 0 views

ruby: Incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects

The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005...

CVSS 5 · AI score 7.3 · EPSS 0.02121
Exploits 2 · References 4
Positive Technologies
added 2013/01/08 12:0 a.m. · 5 views

PT-2013-1678 · Ruby +3

Name of the Vulnerable Software and Affected Versions: Ruby version 1.8.7 Description: The safe-level feature in Ruby allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. Recommendations: For Ruby version 1.8.7, at the moment, there is ...

CVSS 6.8 · AI score 6.8 · EPSS 0.25732
Exploits 5 · References 36
RubySec
added 2012/10/12 12:0 a.m. · 34 views

Ruby Exception#to_s / NameError#to_s Methods Safe Level Security Bypass

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE:...

CVSS 5 · AI score 4.9 · EPSS 0.01686
Exploits 1 · References 1 · Affected Software 1
UbuntuCve
added 2012/10/05 12:0 a.m. · 39 views

CVE-2012-4481

The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005...

CVSS 4.3 · AI score 5.9 · EPSS 0.00488
Exploits 1 · References 4
RubySec
added 2012/10/05 12:0 a.m. · 30 views

Ruby incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects

The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005...

CVSS 5 · AI score 5.2 · EPSS 0.02121
Exploits 2 · References 1 · Affected Software 1
FreeBSD
added 2012/08/21 12:0 a.m. · 28 views

ruby -- $SAFE escaping vulnerability about Exception#to_s/NameError#to_s

The official ruby site reports: Vulnerabilities found for Exception#to_s, NameError#to_s, and name_err_mesg_to_s which is Ruby interpreter-internal API. A malicious user code can bypass $SAFE check by utilizing one of those security holes. Ruby's $SAFE mechanism enables untrusted user codes to run in $SA...

CVSS 5 · AI score 7.1 · EPSS 0.01686
Exploits 1 · References 2
Tenable Nessus
added 2008/02/14 12:0 a.m. · 37 views

Fedora 7 : mailman-2.1.9-5.3 (2008-1356)

Tue Feb 5 2008 Tomas Smetana - 3:2.1.9-5.3 - patch for CVE-2008-0564; XSS triggerable by list administrator - Wed Dec 5 2007 Tomas Smetana - 3:2.1.9-5.2 - more LC_CTYPE fixes - Tue Oct 16 2007 Tomas Smetana - 3:2.1.9-5.1 - fix #333011 -- withlist crashes with NameError Note that Tenable Network...

CVSS 4.3 · AI score 5.5 · EPSS 0.02408
Exploits 0 · References 3