15 matches found

SUSE CVE
added 2023/02/15 6:17 a.m., 1 views

SUSE CVE-2005-2337

Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin)...

CVSS 7.5, AI score 7.3, EPSS 0.14418
Exploits 0, References 4

SUSE CVE
added 2023/02/15 6:7 a.m., 3 views

SUSE CVE-2008-3655

Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2)...

CVSS 7.5, AI score 7.6, EPSS 0.47517
Exploits 1, References 5

SUSE CVE
added 2023/02/15 5:44 a.m., 2 views

SUSE CVE-2012-4464

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE:...

CVSS 5, AI score 8.1, EPSS 0.00681
Exploits 1, References 3

SUSE CVE
added 2023/02/15 5:44 a.m., 2 views

SUSE CVE-2012-4466

Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than...

CVSS 5, AI score 7.7, EPSS 0.01686
Exploits 1, References 4

Tenable Nessus
added 2014/06/13 12:0 a.m., 36 views

openSUSE Security Update : ruby / ruby19 (openSUSE-SU-2012:1443-1)

This update of ruby fixed multiple SAFE level bypass flaws. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-763. The text description of this plugin is (C) SUSE LLC...

CVSS 5, AI score 7.7, EPSS 0.01686
Exploits 1, References 5

Prion
added 2013/04/25 11:55 p.m., 21 views

Design/Logic Flaw

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE:...

CVSS 5, AI score 6.6, EPSS 0.02121
Exploits 2, References 7, Affected Software 1

Amazon
added 2013/03/14 12:0 a.m., 47 views

Medium: ruby

Issue Overview: It was discovered that Ruby's REXML library did not properly restrict XML entity expansion. An attacker could use this flaw to cause a denial of service by tricking a Ruby application using REXML to read text nodes from specially-crafted XML content, which will result in REXML...

CVSS 5, AI score 8.7, EPSS 0.25732
Exploits 2, References 1

OpenVAS
added 2011/07/08 12:0 a.m., 24 views

RedHat Update for ruby RHSA-2011:0909-01

Check for the Version of ruby OpenVAS Vulnerability Test RedHat Update for ruby RHSA-2011:0909-01 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

CVSS 6.8, AI score 0.1, EPSS 0.21101
Exploits 4, References 2

Snyk
added 2011/03/02 8:0 p.m., 0 views

Access Restriction Bypass

Overview: Affected versions of this package are vulnerable to Access Restriction Bypass. The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an...

CVSS 5.3, AI score 6.9, EPSS 0.02121
Exploits 2, References 2

RedHat Linux
added 2008/10/21 2:52 p.m., 32 views

Moderate: Red Hat Security Advisory: ruby security update

Updated ruby packages that fix various security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented programming....

CVSS 7.5, AI score 6.9, EPSS 0.47517
Exploits 2, References 3

Japan Vulnerability Notes
added 2008/05/20 3:0 p.m., 2 views

Ruby vulnerability allowing to bypass safe level 4 as a sandbox

Overview: Ruby is an object-oriented scripting language that supports execution of untrusted code with two mechanisms: "object taint" and "safe level". Ruby contains a vulnerability that may allow an attacker to execute an arbitrary script by bypassing the "safe level" checks. Impact: An attacker...

CVSS 7.5, AI score 6.9, EPSS 0.14418
Exploits 0, References 8

Tenable Nessus
added 2007/01/17 12:0 a.m., 30 views

Fedora Core 4 : ruby-1.8.4-3.fc4 (2006-842)

Thu Jul 20 2006 Akira TAGOH - 1.8.4-3 - security fixes CVE-2006-3694 - ruby-1.8.4-fix-insecure-dir-operation.patch : - ruby-1.8.4-fix-insecure-regexp-modification.patch: fixed the insecure operations in the certain safe-level restrictions. 199538 - ruby-1.8.4-fix-alias-safe-level.patch: fixed to...

CVSS 6.4, AI score 7.2, EPSS 0.05099
Exploits 0, References 1

RedHat Linux
added 2006/07/27 8:36 p.m., 3 views

security flaw

Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations"...

CVSS 6.4, AI score 7.2, EPSS 0.05099
Exploits 0, References 4

Snyk
added 2005/10/07 11:2 p.m., 2 views

Arbitrary Code Execution

Overview: Affected versions of this package are vulnerable to Arbitrary Code Execution. Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program throu...

CVSS 7.5, AI score 7.5, EPSS 0.14418
Exploits 0, References 2

RubySec
added 2005/10/07 12:0 a.m., 4 views

Security Bypass Vulnerability with Ruby

The Ruby language has a security mechanism security model that can restrict operations on untrusted objects. This security model is based on mechanisms called "object taint" and "safe level." A vulnerability has been confirmed that allows arbitrary script execution by bypassing the "safe level"...

CVSS 7.5, AI score 5.8, EPSS 0.14418
Exploits 0, References 1, Affected Software 1