18 matches found
EUVD-2012-4410
Malware in sbrugna...
EUVD-2011-1022
Malware in sbrugna...
EUVD-2022-29634
Malicious code in bioql PyPI...
EUVD-2022-49807
Malicious code in bioql PyPI...
CVE-2022-47029
An issue was found in Action Launcher v50.5 allows an attacker to escalate privilege via modification of the intent string to function update...
CVE-2020-11628
An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. It is intended to support restriction of available remote protocols CMP, ACME, REST, etc. through the system configuration. These restrictions can be bypassed by modifying the URI string from a client. EJBCA's internal acces...
CVE-2022-47029
CVE-2022-47029 affects Action Launcher v50.5. The issue enables privilege escalation by altering the intent string to invoke the internal update function. Documented impact is high (confidentiality, integrity, and availability), with a local attack vector and no privileges required, but user inte...
CVE-2022-47029
An issue was found in Action Launcher v50.5 allows an attacker to escalate privilege via modification of the intent string to function update...
CVE-2012-4466
Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the nameerrmesgtostr API function, which marks the string as tainted, a different vulnerability than...
CVE-2012-4466
Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the nameerrmesgtostr API function, which marks the string as tainted, a different vulnerability than...
ruby: Incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects
The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameErrortos method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005...
CVE-2012-4481
The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameErrortos method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005...
Ruby: Untrusted codes able to modify arbitrary strings
The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exceptiontos method, as demonstrated by changing an intended pathname...
Ruby: Untrusted codes able to modify arbitrary strings
The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exceptiontos method, as demonstrated by changing an intended pathname...
Ruby: Untrusted codes able to modify arbitrary strings
The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exceptiontos method, as demonstrated by changing an intended pathname...
CVE-2011-1005
The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exceptiontos method, as demonstrated by changing an intended pathname...
CVE-2011-1005
The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exceptiontos method, as demonstrated by changing an intended pathname...
CVE-2010-3053
bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service application crash via a crafted BDF font file, related to an attempted modification of a value in a static string...