Lucene search
K

18 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2012-4393

Malware in sbrugna...

5CVSS8AI score0.02619EPSS
Exploits1References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2012-4395

Malware in sbrugna...

5CVSS8AI score0.02619EPSS
Exploits1References13
SUSE CVE
SUSE CVE
added 2023/02/15 5:44 a.m.4 views

SUSE CVE-2012-4464

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the 1 exctos or 2 nameerrtos API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE:...

5CVSS8.1AI score0.0218EPSS
Exploits0References3
Veracode
Veracode
added 2020/04/10 12:59 a.m.62 views

Access Control Bypass

ruby is vulnerable to access control bypass. A flaw was found in the method for translating an exception message into a string in the Exception class. A remote attacker could use this flaw to bypass safe level 4 restrictions, allowing untrusted tainted code to modify arbitrary, trusted untainted...

5CVSS3.1AI score0.02814EPSS
Exploits2References23Affected Software1
Veracode
Veracode
added 2019/05/02 4:53 a.m.25 views

Authorization Bypass

ruby is vulnerable to authorization bypass. A remote attacker can bypass safe-level restrictions and use Exceptiontos to destructively modify an untainted string so that it is tainted, the string can then be arbitrarily modified...

5CVSS6.1AI score0.02619EPSS
Exploits1References24Affected Software35
Carbon Black Blog
Carbon Black Blog
added 2018/12/20 4:0 p.m.59 views

Untainted By Design: How Our MITRE ATT&CK Results Demonstrate the Resilience of Carbon Black

I started my career in cybersecurity 10 years ago as a Technical Operations Officer in the US Intelligence Community, where I had a first-hand view into the most sophisticated ongoing cyber operations in the world. One thing was always clear: attackers always found ways to stay a step ahead of th...

0.2AI score
Exploits0
OSV
OSV
added 2016/01/20 5:53 p.m.6 views

MGASA-2016-0027 Updated perl and perl-PathTools packages fix security vulnerability

It was reported that File::Spec::canonpath routine returns untainted strings even if passed tainted input. This defect undermines the guarantee of taint propagation, which is sometimes used to ensure that unvalidated user input does not reach sensitive code CVE-2015-8607...

7.5CVSS7.1AI score0.03124EPSS
Exploits0References4
NVD
NVD
added 2013/04/25 11:55 p.m.35 views

CVE-2012-4464

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the 1 exctos or 2 nameerrtos API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE:...

5CVSS6.6AI score0.0218EPSS
Exploits0References7
Cvelist
Cvelist
added 2013/04/25 11:0 p.m.38 views

CVE-2012-4464

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the 1 exctos or 2 nameerrtos API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE:...

6.7AI score0.0218EPSS
Exploits0References7
Amazon
Amazon
added 2012/10/23 12:0 a.m.45 views

Medium: ruby

Issue Overview: Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the nameerrmesgtostr API function, which marks the string as tainted, a different...

5CVSS8.5AI score0.02772EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2012/10/23 12:0 a.m.30 views

Ubuntu 12.10 : ruby1.8 vulnerabilities (USN-1603-2)

USN-1603-1 fixed vulnerabilities in Ruby. This update provides the corresponding updates for Ubuntu 12.10. Shugo Maedo and Vit Ondruch discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access...

5CVSS8AI score0.02619EPSS
Exploits1References3
securityvulns
securityvulns
added 2012/10/15 12:0 a.m.43 views

Ruby restrictions bypass

Untainted strings modification is possible...

5CVSS2.6AI score0.02619EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2012/10/12 12:0 a.m.37 views

Ruby Exception#to_s / NameError#to_s Methods Safe Level Security Bypass

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the 1 exctos or 2 nameerrtos API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE:...

5CVSS4.9AI score0.02619EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2012/10/12 12:0 a.m.34 views

Ruby name_err_mesg_to_str Method Safe Level Security Bypass

Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the nameerrmesgtostr API function, which marks the string as tainted, a different vulnerability than...

5CVSS5.2AI score0.02619EPSS
Exploits1References1Affected Software1
Ubuntu
Ubuntu
added 2012/10/10 9:47 p.m.64 views

USN-1602-1: Ruby vulnerabilities

Tyler Hicks and Shugo Maeda discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions. CVE-2012-4464, CVE-2012-4466...

5CVSS8AI score0.02619EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2012/10/03 12:0 a.m.29 views

CVE-2012-4466

Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the nameerrmesgtostr API function, which marks the string as tainted, a different vulnerability than...

5CVSS7.1AI score0.02619EPSS
Exploits1References7
UbuntuCve
UbuntuCve
added 2012/10/03 12:0 a.m.28 views

CVE-2012-4464

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the 1 exctos or 2 nameerrtos API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE:...

5CVSS7.1AI score0.0218EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2012/09/26 12:0 a.m.27 views

Ubuntu 12.04 LTS : ruby1.9.1 vulnerabilities (USN-1583-1)

It was discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions. CVE-2011-1005 John Firebaugh discovered that the RubyGems remote gem fetcher did not properly verify SSL certificates...

5.8CVSS8.3AI score0.02772EPSS
Exploits2References4
Rows per page
Query Builder