Lucene search
Copyright (C) 2013 Greenbone AGOPENVAS:1361412562310865182HistoryJan 21, 2013 - 12:00 a.m.
Fedora Update for rubygem-activesupport FEDORA-2013-0568
2013-01-2100:00:00
Copyright (C) 2013 Greenbone AG
plugins.openvas.org
19
8.1 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.973 High
EPSS
Percentile
99.9%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2013 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_xref(name:"URL", value:"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097214.html");
script_oid("1.3.6.1.4.1.25623.1.0.865182");
script_version("2023-06-21T05:06:22+0000");
script_tag(name:"last_modification", value:"2023-06-21 05:06:22 +0000 (Wed, 21 Jun 2023)");
script_tag(name:"creation_date", value:"2013-01-21 09:34:49 +0530 (Mon, 21 Jan 2013)");
script_cve_id("CVE-2013-0155", "CVE-2013-0156");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_xref(name:"FEDORA", value:"2013-0568");
script_name("Fedora Update for rubygem-activesupport FEDORA-2013-0568");
script_tag(name:"summary", value:"The remote host is missing an update for the 'rubygem-activesupport'
package(s) announced via the referenced advisory.");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2013 Greenbone AG");
script_family("Fedora Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC18");
script_tag(name:"affected", value:"rubygem-activesupport on Fedora 18");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
if(release == "FC18")
{
if ((res = isrpmvuln(pkg:"rubygem-activesupport", rpm:"rubygem-activesupport~3.2.8~2.fc18", rls:"FC18")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}Related
ics
ics
openvas
openvas
Fedora Update for rubygem-activemodel FEDORA-2013-0686
2013-01-24 00:00:00
Fedora Update for rubygem-activemodel FEDORA-2013-0686
2013-01-24 00:00:00
Fedora Update for rubygem-actionpack FEDORA-2013-0568
2013-01-21 00:00:00
nessus
nessus
fedora
fedora
[SECURITY] Fedora 18 Update: rubygem-activesupport-3.2.8-2.fc18
2013-01-20 03:40:48
[SECURITY] Fedora 16 Update: rubygem-activemodel-3.0.10-2.fc16
2013-01-23 01:34:00
[SECURITY] Fedora 18 Update: rubygem-actionpack-3.2.8-2.fc18
2013-01-20 03:40:48
freebsd
freebsd
rubygem-rails -- multiple vulnerabilities
2013-01-08 00:00:00
Rails 4 -- Unsafe Query Generation Risk in Active Record
2016-08-11 00:00:00
packetstorm
packetstorm
Ruby On Rails XML Processor YAML Deserialization Code Execution
2013-01-11 00:00:00
Ruby on Rails JSON Processor YAML Deserialization Code Execution
2013-01-29 00:00:00
metasploit
metasploit
Ruby on Rails XML Processor YAML Deserialization Scanner
2013-01-09 18:50:38
Ruby on Rails JSON Processor YAML Deserialization Scanner
2013-02-11 22:48:44
Ruby on Rails XML Processor YAML Deserialization Code Execution
2013-01-10 05:10:13
redhat
redhat
(RHSA-2013:0153) Critical: Ruby on Rails security update
2013-01-10 00:00:00
(RHSA-2013:0154) Critical: Ruby on Rails security update
2013-01-10 20:37:00
(RHSA-2013:1794) Important: ruby193-rubygem-actionpack security update
2013-12-05 00:00:00
prion
prion
cve
cve
saint
saint
Ruby on Rails XML Processor YAML Deserialization
2013-02-15 00:00:00
Ruby on Rails XML Processor YAML Deserialization
2013-02-15 00:00:00
Ruby on Rails XML Processor YAML Deserialization
2013-02-15 00:00:00
osv
osv
actionpack Improper Input Validation vulnerability
2017-10-24 18:33:37
rails - insufficient input validation
2013-01-09 00:00:00
HTTParty does not restrict casts of string values
2017-10-24 18:33:37
veracode
veracode
Denial Of Service (DoS) Memory Consumption, Arbitrary Code Execution And Object-injection Attacks
2019-01-15 08:53:34
Arbitrary Code Execution, SQL Injection Attacks And Authentication Bypass
2019-01-15 08:54:45
Database Authorization Bypass
2019-01-15 09:01:52
debian
debian
[SECURITY] [DLA 172-1] libextlib-ruby security update
2015-03-14 19:01:22
[SECURITY] [DSA 2604-1] rails security update
2013-01-09 19:17:20
[SECURITY] [DSA 2609-1] rails security update
2013-01-16 21:17:01
cert
cert
Ruby on Rails Action Pack framework insecurely typecasts YAML and Symbol XML parameters
2013-01-08 00:00:00
Ruby on Rails 3.0 and 2.3 JSON Parser vulnerability
2013-01-28 00:00:00
suse
suse
ruby on rails to 2.3.16 (important)
2013-02-12 10:10:39
ruby on rails to 2.3.16 (important)
2013-02-12 11:04:29
Security update for Ruby on Rails (important)
2013-04-03 20:06:19
checkpoint_advisories
checkpoint_advisories
zdt
zdt
Action Pack Multiple Vulnerabilities
2013-01-09 00:00:00
Ruby On Rails XML Processor YAML Deserialization Code Execution
2013-01-11 00:00:00
kitploit
kitploit
threatpost
threatpost
Ruby on Rails Exploit Harvests IRC Botnet
2013-05-28 18:56:05
Exploit Code, Metasploit Module Out for Ruby on Rails Flaws
2013-01-10 15:01:40
Some Versions of Ruby on Rails Vulnerable to New Parsing Attack
2013-01-29 17:47:51
seebug
seebug
Ruby on Rails JSON Processor YAML Deserialization Code Execution
2013-02-03 00:00:00
Ruby on Rails XML Processor YAML Deserialization Code Execution
2014-07-01 00:00:00
Ruby on Rails不安全查询生成漏洞
2013-01-10 00:00:00
thn
thn
Ruby on Rails exploit could hijack unpatched servers for botnet
2013-05-30 16:53:00
Ruby on Rails exploit could hijack unpatched servers for botnet
2013-05-31 03:53:00
gitlab
gitlab
Multiple vulnerabilities in parameter parsing in Action Pack
2013-01-13 00:00:00
Unsafe Query Generation Risk in Ruby on Rails
2013-01-13 00:00:00
Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk)
2013-12-06 00:00:00
github
github
actionpack Improper Input Validation vulnerability
2017-10-24 18:33:37
nori contains Improper Input Validation
2017-10-24 18:33:37
activesupport in Rails vulnerable to incorrect data conversion
2017-10-24 18:33:37
ubuntucve
ubuntucve
debiancve
debiancve
exploitdb
exploitdb
rubygems
rubygems
CVE-2013-0156 rubygem-activesupport: Multiple vulnerabilities in parameter parsing in ActionPack
2013-01-07 20:00:00
Ruby Gem nori Parameter Parsing Remote Code Execution
2013-01-09 20:00:00
Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk)
2013-12-02 20:00:00
nmap
nmap
http-vuln-cve2013-0156 NSE Script
2013-04-25 03:15:33
ibm
ibm
hackerone
hackerone
8.1 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.973 High
EPSS
Percentile
99.9%
Related for OPENVAS:1361412562310865182