Lucene search
Copyright (C) 2013 Greenbone AGOPENVAS:1361412562310865235HistoryJan 24, 2013 - 12:00 a.m.
Fedora Update for rubygem-activerecord FEDORA-2013-0686
2013-01-2400:00:00
Copyright (C) 2013 Greenbone AG
plugins.openvas.org
13
8.2 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.973 High
EPSS
Percentile
99.9%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2013 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_tag(name:"affected", value:"rubygem-activerecord on Fedora 16");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_xref(name:"URL", value:"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097243.html");
script_oid("1.3.6.1.4.1.25623.1.0.865235");
script_version("2023-06-21T05:06:22+0000");
script_tag(name:"last_modification", value:"2023-06-21 05:06:22 +0000 (Wed, 21 Jun 2023)");
script_tag(name:"creation_date", value:"2013-01-24 09:25:22 +0530 (Thu, 24 Jan 2013)");
script_cve_id("CVE-2013-0155", "CVE-2013-0156", "CVE-2012-6496",
"CVE-2012-2695", "CVE-2012-2661");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"FEDORA", value:"2013-0686");
script_name("Fedora Update for rubygem-activerecord FEDORA-2013-0686");
script_tag(name:"summary", value:"The remote host is missing an update for the 'rubygem-activerecord'
package(s) announced via the referenced advisory.");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2013 Greenbone AG");
script_family("Fedora Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC16");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
if(release == "FC16")
{
if ((res = isrpmvuln(pkg:"rubygem-activerecord", rpm:"rubygem-activerecord~3.0.10~5.fc16", rls:"FC16")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
Related
fedora
fedora
[SECURITY] Fedora 17 Update: rubygem-activerecord-3.0.11-5.fc17
2013-01-23 01:53:38
[SECURITY] Fedora 16 Update: rubygem-activerecord-3.0.10-5.fc16
2013-01-23 01:34:00
[SECURITY] Fedora 17 Update: rubygem-activerecord-3.0.11-4.fc17
2013-01-15 02:31:35
openvas
openvas
Fedora Update for rubygem-activerecord FEDORA-2013-0686
2013-01-24 00:00:00
Fedora Update for rubygem-activerecord FEDORA-2013-0635
2013-01-24 00:00:00
Fedora Update for rubygem-activerecord FEDORA-2013-0635
2013-01-24 00:00:00
nessus
nessus
openSUSE Security Update : ruby (openSUSE-SU-2013:0278-1)
2014-06-13 00:00:00
Fedora 17 : rubygem-activerecord-3.0.11-3.fc17 (2012-9635)
2012-07-01 00:00:00
Fedora 16 : rubygem-activerecord-3.0.10-3.fc16 (2012-9639)
2012-07-01 00:00:00
osv
osv
activerecord vulnerable to SQL Injection
2017-10-24 18:33:38
Active Record vulnerable to SQL Injection via nested query parameters
2017-10-24 18:33:38
Active Record contains SQL Injection
2017-10-24 18:33:37
cve
cve
debiancve
debiancve
github
github
Active Record vulnerable to SQL Injection via nested query parameters
2017-10-24 18:33:38
activerecord vulnerable to SQL Injection
2017-10-24 18:33:38
Active Record contains SQL Injection
2017-10-24 18:33:37
prion
prion
gitlab
gitlab
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
2017-10-24 00:00:00
Ruby on Rails find_by_* Methods Authlogic SQL Injection Bypass
2013-01-03 00:00:00
SQL injection vulnerability in Active Record
2012-06-22 00:00:00
ubuntucve
ubuntucve
ics
ics
freebsd
freebsd
rubygem-rails -- multiple vulnerabilities
2013-01-08 00:00:00
rubygem-activerecord -- multiple vulnerabilities
2012-05-31 00:00:00
suse
suse
ruby on rails to 2.3.16 (important)
2013-02-12 10:10:39
ruby on rails to 2.3.16 (important)
2013-02-12 11:04:29
Security update for rubygem-actionpack (important)
2012-08-21 19:08:38
redhat
redhat
(RHSA-2013:0154) Critical: Ruby on Rails security update
2013-01-10 20:37:00
(RHSA-2013:0153) Critical: Ruby on Rails security update
2013-01-10 00:00:00
rubygems
rubygems
ibm
ibm
seebug
seebug
Ruby on Rails Active Record组件SQL注入漏洞(CVE-2012-6496)
2013-01-05 00:00:00
SQL Injection Vulnerability in Ruby on Rails
2012-06-01 00:00:00
Ruby on Rails JSON Processor YAML Deserialization Code Execution
2013-02-03 00:00:00
gentoo
gentoo
Active Record: SQL injection
2014-01-21 00:00:00
veracode
veracode
SQL Command Injection
2019-01-15 08:53:39
Denial Of Service (DoS) Memory Consumption, Arbitrary Code Execution And Object-injection Attacks
2019-01-15 08:53:34
Arbitrary Code Execution, SQL Injection Attacks And Authentication Bypass
2019-01-15 08:54:45
checkpoint_advisories
checkpoint_advisories
Ruby on Rails Hash SQL Injection (CVE-2012-2695)
2012-10-14 00:00:00
packetstorm
packetstorm
Ruby On Rails XML Processor YAML Deserialization Code Execution
2013-01-11 00:00:00
metasploit
metasploit
Ruby on Rails XML Processor YAML Deserialization Scanner
2013-01-09 18:50:38
Ruby on Rails JSON Processor YAML Deserialization Scanner
2013-02-11 22:48:44
Ruby on Rails XML Processor YAML Deserialization Code Execution
2013-01-10 05:10:13
saint
saint
Ruby on Rails XML Processor YAML Deserialization
2013-02-15 00:00:00
Ruby on Rails XML Processor YAML Deserialization
2013-02-15 00:00:00
Ruby on Rails XML Processor YAML Deserialization
2013-02-15 00:00:00
cert
cert
Ruby on Rails Action Pack framework insecurely typecasts YAML and Symbol XML parameters
2013-01-08 00:00:00
Ruby on Rails 3.0 and 2.3 JSON Parser vulnerability
2013-01-28 00:00:00
debian
debian
[SECURITY] [DLA 172-1] libextlib-ruby security update
2015-03-14 19:01:22
[SECURITY] [DSA 2604-1] rails security update
2013-01-09 19:17:20
[SECURITY] [DSA 2609-1] rails security update
2013-01-16 21:17:01
zdt
zdt
Action Pack Multiple Vulnerabilities
2013-01-09 00:00:00
Ruby On Rails XML Processor YAML Deserialization Code Execution
2013-01-11 00:00:00
kitploit
kitploit
[Nmap v6.40] Free Security Scanner For Network Exploration & Security Audits
2013-08-21 01:33:00
threatpost
threatpost
Ruby on Rails Exploit Harvests IRC Botnet
2013-05-28 18:56:05
Exploit Code, Metasploit Module Out for Ruby on Rails Flaws
2013-01-10 15:01:40
thn
thn
Ruby on Rails exploit could hijack unpatched servers for botnet
2013-05-30 16:53:00
Ruby on Rails exploit could hijack unpatched servers for botnet
2013-05-31 03:53:00
exploitdb
exploitdb
8.2 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.973 High
EPSS
Percentile
99.9%
Related for OPENVAS:1361412562310865235