Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-1614-1
HistoryOct 23, 2012 - 12:00 a.m.

Ruby vulnerabilities

2012-10-2300:00:00
ubuntu.com
26

5.8 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.3%

JSON

Releases

  • Ubuntu 12.10
  • Ubuntu 12.04

Packages

  • ruby1.9.1 - Interpreter of object-oriented scripting language Ruby

Details

Tyler Hicks and Shugo Maeda discovered that Ruby incorrectly allowed untainted
strings to be modified in protective safe levels. An attacker could use this
flaw to bypass intended access restrictions. USN-1602-1 fixed these
vulnerabilities in other Ubuntu releases. This update provides the
corresponding updates for Ubuntu 12.10. (CVE-2012-4464, CVE-2012-4466)

Peter Bex discovered that Ruby incorrectly handled file path strings when
opening files. An attacker could use this flaw to open or create unexpected
files. (CVE-2012-4522)

OSVersionArchitecturePackageVersionFilename
Ubuntu12.10noarchlibruby1.9.1<ย 1.9.3.194-1ubuntu1.2UNKNOWN
Ubuntu12.10noarchlibruby1.9.1-dbg<ย 1.9.3.194-1ubuntu1.2UNKNOWN
Ubuntu12.10noarchlibtcltk-ruby1.9.1<ย 1.9.3.194-1ubuntu1.2UNKNOWN
Ubuntu12.10noarchruby1.9.1<ย 1.9.3.194-1ubuntu1.2UNKNOWN
Ubuntu12.10noarchruby1.9.1-dev<ย 1.9.3.194-1ubuntu1.2UNKNOWN
Ubuntu12.04noarchlibruby1.9.1<ย 1.9.3.0-1ubuntu2.4UNKNOWN
Ubuntu12.04noarchlibruby1.9.1-dbg<ย 1.9.3.0-1ubuntu2.4UNKNOWN
Ubuntu12.04noarchlibtcltk-ruby1.9.1<ย 1.9.3.0-1ubuntu2.4UNKNOWN
Ubuntu12.04noarchruby1.9.1<ย 1.9.3.0-1ubuntu2.4UNKNOWN
Ubuntu12.04noarchruby1.9.1-dev<ย 1.9.3.0-1ubuntu2.4UNKNOWN

Related

nessus 24
openvas 34
fedora 9
freebsd 2
ubuntu 3
cve 3
prion 3
ubuntucve 3
veracode 3
seebug 2
rubygems 2
securityvulns 2
oraclelinux 1
amazon 1
redhat 2
centos 1
debian 1
osv 1
nessus
nessus
Ubuntu 12.04 LTS / 12.10 : ruby1.9.1 vulnerabilities (USN-1614-1)
2012-10-23 00:00:00
SuSE 11.2 Security Update : ruby (SAT Patch Number 7386)
2013-03-13 00:00:00
Ubuntu 12.04 LTS : ruby1.9.1 vulnerabilities (USN-1602-1)
2012-10-11 00:00:00
openvas
openvas
Fedora Update for ruby FEDORA-2012-16086
2012-10-23 00:00:00
Ubuntu Update for ruby1.9.1 USN-1614-1
2012-10-23 00:00:00
Ubuntu: Security Advisory (USN-1614-1)
2012-10-23 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: ruby-1.9.3.286-18.fc17
2012-10-22 01:59:29
[SECURITY] Fedora 17 Update: ruby-1.9.3.392-29.fc17
2013-03-05 23:33:43
[SECURITY] Fedora 17 Update: ruby-1.9.3.327-19.fc17
2012-11-19 02:26:49
freebsd
freebsd
ruby -- $SAFE escaping vulnerability about Exception#to_s/NameError#to_s
2012-08-21 00:00:00
ruby -- Unintentional file creation caused by inserting an illegal NUL character
2012-10-12 00:00:00
ubuntu
ubuntu
Ruby vulnerabilities
2012-10-10 00:00:00
Ruby vulnerabilities
2012-10-23 00:00:00
Ruby vulnerabilities
2012-10-10 00:00:00
cve
cve
CVE-2012-4464
2013-04-25 23:55:00
CVE-2012-4522
2012-11-24 20:55:00
CVE-2012-4466
2013-04-25 23:55:00
prion
prion
Design/Logic Flaw
2013-04-25 23:55:00
Path traversal
2012-11-24 20:55:00
Code injection
2013-04-25 23:55:00
ubuntucve
ubuntucve
CVE-2012-4464
2012-10-03 00:00:00
CVE-2012-4522
2012-10-15 00:00:00
CVE-2012-4466
2012-10-03 00:00:00
veracode
veracode
Authorization Bypass
2019-05-02 04:53:42
Authorization Bypass
2019-05-02 04:53:43
Arbitrary Code Execution
2019-05-02 04:45:35
seebug
seebug
Ruby ๆœฌๅœฐๆ–‡ไปถๅˆ›ๅปบๆผๆดž(CVE-2012-4522)
2012-10-23 00:00:00
Ruby ๅฎ‰ๅ…จ็บงๅˆซ้™ๅˆถ็ป•่ฟ‡ๆผๆดž(CVE-2012-4466)
2013-04-28 00:00:00
rubygems
rubygems
CVE-2012-4522 ruby: unintentional file creation caused by inserting an illegal NUL character
2012-10-11 20:00:00
Ruby Exception#to_s / NameError#to_s Methods Safe Level Security Bypass
2012-10-11 20:00:00
securityvulns
securityvulns
Ruby restrictions bypass
2012-10-15 00:00:00
[USN-1603-1] Ruby vulnerabilities
2012-10-15 00:00:00
oraclelinux
oraclelinux
ruby security and bug fix update
2013-01-11 00:00:00
amazon
amazon
Medium: ruby
2012-10-23 10:43:00
redhat
redhat
(RHSA-2013:0582) Moderate: Red Hat OpenShift Enterprise 1.1.1 update
2013-02-28 00:00:00
(RHSA-2013:0129) Moderate: ruby security and bug fix update
2013-01-08 00:00:00
centos
centos
ruby security update
2013-01-09 20:36:59
debian
debian
[SECURITY] [DLA 235-1] ruby1.9.1 security update
2015-05-30 20:45:15
osv
osv
ruby1.9.1 - security update
2015-05-30 00:00:00

5.8 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.3%

JSON
Related for USN-1614-1
nessus24openvas34fedora9freebsd2ubuntu3cve3prion3ubuntucve3veracode3seebug2rubygems2securityvulns2oraclelinux1amazon1redhat2centos1debian1osv1