15 matches found
EUVD-2012-4395
Malware in sbrugna...
EUVD-2012-4393
Malware in sbrugna...
SUSE CVE-2012-4464
Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the 1 exctos or 2 nameerrtos API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE:...
Access Control Bypass
ruby is vulnerable to access control bypass. A flaw was found in the method for translating an exception message into a string in the Exception class. A remote attacker could use this flaw to bypass safe level 4 restrictions, allowing untrusted tainted code to modify arbitrary, trusted untainted...
MGASA-2016-0027 Updated perl and perl-PathTools packages fix security vulnerability
It was reported that File::Spec::canonpath routine returns untainted strings even if passed tainted input. This defect undermines the guarantee of taint propagation, which is sometimes used to ensure that unvalidated user input does not reach sensitive code CVE-2015-8607...
CVE-2012-4464
Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the 1 exctos or 2 nameerrtos API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE:...
CVE-2012-4464
Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the 1 exctos or 2 nameerrtos API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE:...
Ubuntu 12.10 : ruby1.8 vulnerabilities (USN-1603-2)
USN-1603-1 fixed vulnerabilities in Ruby. This update provides the corresponding updates for Ubuntu 12.10. Shugo Maedo and Vit Ondruch discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access...
Medium: ruby
Issue Overview: Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the nameerrmesgtostr API function, which marks the string as tainted, a different...
Ruby Exception#to_s / NameError#to_s Methods Safe Level Security Bypass
Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the 1 exctos or 2 nameerrtos API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE:...
Ruby name_err_mesg_to_str Method Safe Level Security Bypass
Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the nameerrmesgtostr API function, which marks the string as tainted, a different vulnerability than...
USN-1602-1: Ruby vulnerabilities
Tyler Hicks and Shugo Maeda discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions. CVE-2012-4464, CVE-2012-4466...
CVE-2012-4464
Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the 1 exctos or 2 nameerrtos API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE:...
CVE-2012-4466
Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the nameerrmesgtostr API function, which marks the string as tainted, a different vulnerability than...
Ubuntu 12.04 LTS : ruby1.9.1 vulnerabilities (USN-1583-1)
It was discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions. CVE-2011-1005 John Firebaugh discovered that the RubyGems remote gem fetcher did not properly verify SSL certificates...