Lucene search
K

31 matches found

CVE
CVE
added 2025/12/17 8:15 p.m.16 views

CVE-2025-14762

CVE-2025-14762 describes a missing cryptographic key commitment in the AWS SDK for Ruby that can allow a user with write access to an S3 bucket to introduce a new EDK and decrypt data to different plaintext when the encrypted data key is stored in an instruction file rather than in S3 metadata. T...

6CVSS6.3AI score0.00185EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/17 8:15 p.m.27 views

CVE-2025-14762

Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue,...

6CVSS0.00185EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-0336

Malware in sbrugna...

5CVSS6.4AI score0.01512EPSS
Exploits1References7
Kitploit
Kitploit
added 2020/08/25 12:30 p.m.45 views

AWS Recon - Multi-threaded AWS Inventory Collection Tool With A Focus On Security-Relevant Resources And Metadata

A multi-threaded AWS inventory collection tool. The creators of this tool have a recurring need to be able to efficiently collect a large amount of AWS resource attributes and metadata to help clients understand their cloud security posture. There are a handful of tools e.g. AWS Config,...

7AI score
Exploits0References5
Hacker One
Hacker One
added 2018/10/13 6:8 p.m.10 views

Shopify: H1514 Shopify API ruby SDK session setup lacks input validation, resulting in SSRF and leakage of client secret

Hi team, The Shopify API ruby SDK has the ability for the developer to interact with their shop's REST API. When setting up the gem, a code structure similar to the one below may be used to set up the connection: ruby require 'shopifyapi' class SomeController ' session =...

0.1AI score
Exploits0
OSV
OSV
added 2017/10/24 6:33 p.m.13 views

GHSA-XWR3-FMGJ-MMFR Exposure of Sensitive Information in bio-basespace-sdk

The putcall function in the API client api/apiclient.rb in the BaseSpace Ruby SDK aka bio-basespace-sdk gem 0.1.7 for Ruby uses the APIKEY on the command line, which allows remote attackers to obtain sensitive information by listing the processes...

5CVSS6.1AI score0.01512EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.34 views

Exposure of Sensitive Information in bio-basespace-sdk

The putcall function in the API client api/apiclient.rb in the BaseSpace Ruby SDK aka bio-basespace-sdk gem 0.1.7 for Ruby uses the APIKEY on the command line, which allows remote attackers to obtain sensitive information by listing the processes...

5CVSS6.1AI score0.01512EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2014/04/29 2:38 p.m.25 views

CVE-2013-7111

The putcall function in the API client api/apiclient.rb in the BaseSpace Ruby SDK aka bio-basespace-sdk gem 0.1.7 for Ruby uses the APIKEY on the command line, which allows remote attackers to obtain sensitive information by listing the processes...

5CVSS6.3AI score0.01512EPSS
Exploits1References3
Prion
Prion
added 2014/04/29 2:38 p.m.11 views

Command injection

The putcall function in the API client api/apiclient.rb in the BaseSpace Ruby SDK aka bio-basespace-sdk gem 0.1.7 for Ruby uses the APIKEY on the command line, which allows remote attackers to obtain sensitive information by listing the processes...

5CVSS6.9AI score0.01512EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2014/04/29 2:0 p.m.22 views

CVE-2013-7111

The putcall function in the API client api/apiclient.rb in the BaseSpace Ruby SDK aka bio-basespace-sdk gem 0.1.7 for Ruby uses the APIKEY on the command line, which allows remote attackers to obtain sensitive information by listing the processes...

6.3AI score0.01512EPSS
Exploits1References3
CVE
CVE
added 2014/04/29 2:0 p.m.70 views

CVE-2013-7111

The CVE-2013-7111 issue affects Bio Basespace SDK for Ruby (BaseSpace Ruby SDK gem, version 0.1.7). The put_call function in api/api_client.rb passes the API_KEY on the command line, which allows information disclosure by listing processes. This exposure could reveal API keys used by the client, ...

5CVSS6.5AI score0.01512EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder