CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input stdin...

7.5CVSS7.3AI score0.14418EPSS

Exploits0References4

SUSE CVE•added 2023/02/15 6:14 a.m.•1 views

SUSE CVE-2006-3694

Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving 1 the alias function and 2 "directory operations"...

6.4CVSS7.8AI score0.05099EPSS

Exploits0References4

SUSE CVE•added 2023/02/15 6:7 a.m.•1 views

SUSE CVE-2008-3655

Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via 1 untracevar, 2...

7.5CVSS7.6AI score0.47517EPSS

Exploits1References5

SUSE CVE•added 2023/02/15 5:54 a.m.•1 views

SUSE CVE-2011-1005

The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exceptiontos method, as demonstrated by changing an intended pathname...

5CVSS7AI score0.02121EPSS

Exploits2References6

SUSE CVE•added 2023/02/15 5:44 a.m.•1 views

SUSE CVE-2012-4464

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the 1 exctos or 2 nameerrtos API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE:...

5CVSS8.1AI score0.00888EPSS

Exploits1References3

SUSE CVE•added 2023/02/15 5:44 a.m.•1 views

SUSE CVE-2012-4481

The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameErrortos method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005...

4.3CVSS6.7AI score0.00488EPSS

Exploits1References7

SUSE CVE•added 2023/02/15 5:44 a.m.•1 views

SUSE CVE-2012-4466

Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the nameerrmesgtostr API function, which marks the string as tainted, a different vulnerability than...

5CVSS7.7AI score0.02189EPSS

Exploits1References4

Veracode•added 2020/04/10 12:59 a.m.•60 views

Access Control Bypass

ruby is vulnerable to access control bypass. A flaw was found in the method for translating an exception message into a string in the Exception class. A remote attacker could use this flaw to bypass safe level 4 restrictions, allowing untrusted tainted code to modify arbitrary, trusted untainted...

5CVSS3.1AI score0.02121EPSS

Exploits2References23Affected Software1

Veracode•added 2020/04/10 12:26 a.m.•27 views

Access Control Bypass

ruby is vulnerable to access control bypass. A number of flaws were found in the safe-level restrictions in Ruby. It was possible for an attacker to create a carefully crafted malicious script that can allow the bypass of certain safe-level restrictions...

7.5CVSS3.3AI score0.47517EPSS

Exploits1References34Affected Software1

OpenVAS•added 2020/01/23 12:0 a.m.•23 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2019-1428)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.6AI score0.15626EPSS

Exploits10References2

Veracode•added 2019/05/02 4:53 a.m.•24 views

Authorization Bypass

ruby is vulnerable to authorization bypass. A remote attacker can bypass safe-level restrictions and use Exceptiontos to destructively modify an untainted string so that it is tainted, the string can then be arbitrarily modified...

5CVSS6.1AI score0.02189EPSS

Exploits1References24Affected Software35

Veracode•added 2019/05/02 4:53 a.m.•29 views

Authorization Bypass

ruby is vulnerable to authorization bypass. A flaw was found in the method for translating an exception message into a string in the Ruby Exception class. A remote attacker could use this flaw to bypass safe level 4 restrictions, allowing untrusted tainted code to modify arbitrary, trusted...

5CVSS6.1AI score0.02189EPSS

Exploits1References22Affected Software35

Veracode•added 2019/05/02 4:45 a.m.•36 views

Arbitrary Code Execution

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. It was found that certain methods did not sanitize file names before passing them to lower layer routines in Ruby. If a Ruby application created files...

5CVSS6.6AI score0.02121EPSS

Exploits3References11Affected Software36

Kitploit•added 2016/08/09 9:28 p.m.•21 views

APT2 - Automated Penetration Toolkit

This tool will perform an NMap scan, or import the results of a scan from Nexpose, Nessus, or NMap. The processesd results will be used to launch exploit and enumeration modules according to the configurable Safe Level and enumerated service information. All module results are stored on localhost...

7.5AI score

Exploits0References1

n0where•added 2016/06/15 7:46 a.m.•28 views

Automated Penetration Testing Toolkit: APT2

0.4AI score

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by