Lucene search
K

50 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2012-4395

Malware in sbrugna...

5CVSS8AI score0.02619EPSS
Exploits1References13
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2012-4393

Malware in sbrugna...

5CVSS8AI score0.02619EPSS
Exploits1References10
Veracode
Veracode
added 2020/04/10 12:26 a.m.29 views

Access Control Bypass

ruby is vulnerable to access control bypass. A number of flaws were found in the safe-level restrictions in Ruby. It was possible for an attacker to create a carefully crafted malicious script that can allow the bypass of certain safe-level restrictions...

7.5CVSS3.3AI score0.14085EPSS
Exploits1References34Affected Software1
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.23 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2019-1428)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.6AI score0.34968EPSS
Exploits8References2
Veracode
Veracode
added 2019/05/02 4:53 a.m.25 views

Authorization Bypass

ruby is vulnerable to authorization bypass. A remote attacker can bypass safe-level restrictions and use Exceptiontos to destructively modify an untainted string so that it is tainted, the string can then be arbitrarily modified...

5CVSS6.1AI score0.02619EPSS
Exploits1References24Affected Software35
NVD
NVD
added 2013/11/02 7:55 p.m.21 views

CVE-2013-2065

1 DL and 2 Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions...

6.4CVSS6.4AI score0.0251EPSS
Exploits1References7
UbuntuCve
UbuntuCve
added 2013/11/02 12:0 a.m.26 views

CVE-2013-2065

1 DL and 2 Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions...

6.4CVSS7.1AI score0.0251EPSS
Exploits1References4
Amazon
Amazon
added 2013/09/26 12:0 a.m.55 views

Low: ruby19

Issue Overview: 1 DL and 2 Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions. Affected Packages: ruby19 Issue Correction: Run...

6.4CVSS8.4AI score0.0251EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.34 views

Oracle Linux 3 : ruby (ELSA-2008-0896)

From Red Hat Security Advisory 2008:0896 : Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for...

7.5CVSS6.5AI score0.15678EPSS
Exploits4References4
RubySec
RubySec
added 2013/05/14 12:0 a.m.30 views

CVE-2013-2065 Ruby: Object taint bypassing in DL and Fiddle

1 DL and 2 Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions...

6.4CVSS5.7AI score0.0251EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2013/04/25 11:55 p.m.35 views

CVE-2012-4464

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the 1 exctos or 2 nameerrtos API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE:...

5CVSS6.6AI score0.0218EPSS
Exploits0References7
CVE
CVE
added 2013/04/25 11:0 p.m.95 views

CVE-2012-4464

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 are vulnerable to a context-dependent taint bypass via exc_to_s or name_err_to_s in the exception-to-string paths, allowing modification of untainted strings and bypassing safe-level restrictions (distinct from CVE-2012-4466). Root c...

5CVSS5.8AI score0.0218EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2013/04/25 11:0 p.m.100 views

CVE-2012-4466

CVE-2012-4466 affects Ruby 1.8.7 before patchlevel 371, Ruby 1.9.3 before patchlevel 286, and Ruby 2.0 before revision r37068. The issue allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via name_err_mesg_to_str, tainting handling for strings. This ...

5CVSS5.8AI score0.02619EPSS
Exploits1References9Affected Software1
Cvelist
Cvelist
added 2013/04/25 11:0 p.m.39 views

CVE-2012-4464

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the 1 exctos or 2 nameerrtos API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE:...

6.7AI score0.0218EPSS
Exploits0References7
Cvelist
Cvelist
added 2013/04/25 11:0 p.m.28 views

CVE-2012-4466

Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the nameerrmesgtostr API function, which marks the string as tainted, a different vulnerability than...

6.7AI score0.02619EPSS
Exploits1References9
Cent OS
Cent OS
added 2013/03/09 12:47 a.m.73 views

ruby security update

CentOS Errata and Security Advisory CESA-2013:0612 Updated ruby packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores...

5CVSS7.3AI score0.06671EPSS
Exploits2References7
Amazon
Amazon
added 2012/10/23 12:0 a.m.45 views

Medium: ruby

Issue Overview: Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the nameerrmesgtostr API function, which marks the string as tainted, a different...

5CVSS8.5AI score0.02772EPSS
Exploits2
UbuntuCve
UbuntuCve
added 2012/10/03 12:0 a.m.28 views

CVE-2012-4464

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the 1 exctos or 2 nameerrtos API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE:...

5CVSS7.1AI score0.0218EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2012/10/03 12:0 a.m.30 views

CVE-2012-4466

Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the nameerrmesgtostr API function, which marks the string as tainted, a different vulnerability than...

5CVSS7.1AI score0.02619EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.34 views

Scientific Linux Security Update : ruby on SL3.x, SL4.x, SL5.x i386/x86_64

The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs and a fixed source port when sending DNS requests. A remote attacker could use this flaw to spoof a malicious reply to a DNS query. CVE-2008-3905 Ruby's XML document parsing module REXML was prone to a denial of service...

7.8CVSS6.7AI score0.70202EPSS
Exploits9References7
Rows per page
Query Builder