Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2013 Greenbone AGOPENVAS:1361412562310865237
HistoryJan 24, 2013 - 12:00 a.m.

Fedora Update for rubygem-activesupport FEDORA-2013-0686

2013-01-2400:00:00
Copyright (C) 2013 Greenbone AG
plugins.openvas.org
13

8.2 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.973 High

EPSS

Percentile

99.9%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2013 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_xref(name:"URL", value:"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097244.html");
  script_oid("1.3.6.1.4.1.25623.1.0.865237");
  script_version("2023-06-21T05:06:22+0000");
  script_tag(name:"last_modification", value:"2023-06-21 05:06:22 +0000 (Wed, 21 Jun 2023)");
  script_tag(name:"creation_date", value:"2013-01-24 09:26:00 +0530 (Thu, 24 Jan 2013)");
  script_cve_id("CVE-2013-0155", "CVE-2013-0156", "CVE-2012-3464", "CVE-2012-1098");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_xref(name:"FEDORA", value:"2013-0686");
  script_name("Fedora Update for rubygem-activesupport FEDORA-2013-0686");
  script_tag(name:"summary", value:"The remote host is missing an update for the 'rubygem-activesupport'
  package(s) announced via the referenced advisory.");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2013 Greenbone AG");
  script_family("Fedora Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC16");
  script_tag(name:"affected", value:"rubygem-activesupport on Fedora 16");
  script_tag(name:"solution", value:"Please install the updated package(s).");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";

if(release == "FC16")
{

  if ((res = isrpmvuln(pkg:"rubygem-activesupport", rpm:"rubygem-activesupport~3.0.10~5.fc16", rls:"FC16")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99);
  exit(0);
}

Related

fedora 22
openvas 51
ics 1
nessus 16
freebsd 1
ubuntucve 8
github 10
osv 11
cve 10
gitlab 5
prion 10
packetstorm 2
metasploit 4
redhat 2
debiancve 8
suse 5
checkpoint_advisories 1
zdt 2
kitploit 1
saint 4
veracode 3
cert 2
debian 3
threatpost 3
seebug 3
thn 2
rubygems 7
exploitdb 2
fedora
fedora
[SECURITY] Fedora 16 Update: rubygem-activesupport-3.0.10-5.fc16
2013-01-23 01:34:00
[SECURITY] Fedora 17 Update: rubygem-activesupport-3.0.11-7.fc17
2013-01-23 01:53:38
[SECURITY] Fedora 16 Update: rubygem-activesupport-3.0.10-6.fc16
2013-02-10 04:28:15
openvas
openvas
Fedora Update for rubygem-activesupport FEDORA-2013-0686
2013-01-24 00:00:00
Fedora Update for rubygem-activesupport FEDORA-2013-0635
2013-01-24 00:00:00
Fedora Update for rubygem-activesupport FEDORA-2013-0635
2013-01-24 00:00:00
ics
ics
Wonderware Intelligence Tableau Server Ruby on Rails Improper Input Validation (Update A)
2013-02-21 00:00:00
nessus
nessus
FreeBSD : rubygem-rails -- multiple vulnerabilities (ca5d3272-59e3-11e2-853b-00262d5ed8ee)
2013-01-09 00:00:00
Fedora 18 : rubygem-actionpack-3.2.8-2.fc18 / rubygem-activerecord-3.2.8-3.fc18 / etc (2013-0568)
2013-01-21 00:00:00
Fedora 16 : rubygem-actionpack-3.0.10-10.fc16 / rubygem-activemodel-3.0.10-2.fc16 / etc (2013-0686)
2013-01-23 00:00:00
freebsd
freebsd
rubygem-rails -- multiple vulnerabilities
2013-01-08 00:00:00
ubuntucve
ubuntucve
CVE-2012-3464
2012-08-10 00:00:00
CVE-2012-1098
2012-03-13 00:00:00
CVE-2013-0156
2013-01-13 00:00:00
github
github
activesupport Cross-site Scripting vulnerability
2017-10-24 18:33:37
activesupport Cross-site Scripting vulnerability
2017-10-24 18:33:38
actionpack Improper Input Validation vulnerability
2017-10-24 18:33:37
osv
osv
activesupport Cross-site Scripting vulnerability
2017-10-24 18:33:37
rails - insufficient input validation
2013-01-09 00:00:00
activesupport Cross-site Scripting vulnerability
2017-10-24 18:33:38
cve
cve
CVE-2012-3464
2012-08-10 10:34:00
CVE-2012-1098
2012-03-13 10:55:00
CVE-2013-0156
2013-01-13 22:55:00
gitlab
gitlab
Potential XSS Vulnerability in Ruby on Rails
2012-08-10 00:00:00
Direct Manipulation XSS
2012-03-13 00:00:00
Multiple vulnerabilities in parameter parsing in Action Pack
2013-01-13 00:00:00
prion
prion
Cross site scripting
2012-03-13 10:55:00
Type confusion
2013-01-13 22:55:00
Cross site scripting
2012-08-10 10:34:00
packetstorm
packetstorm
Ruby On Rails XML Processor YAML Deserialization Code Execution
2013-01-11 00:00:00
Ruby on Rails JSON Processor YAML Deserialization Code Execution
2013-01-29 00:00:00
metasploit
metasploit
Ruby on Rails XML Processor YAML Deserialization Scanner
2013-01-09 18:50:38
Ruby on Rails JSON Processor YAML Deserialization Scanner
2013-02-11 22:48:44
Ruby on Rails XML Processor YAML Deserialization Code Execution
2013-01-10 05:10:13
redhat
redhat
(RHSA-2013:0153) Critical: Ruby on Rails security update
2013-01-10 00:00:00
(RHSA-2013:0154) Critical: Ruby on Rails security update
2013-01-10 20:37:00
debiancve
debiancve
CVE-2012-3464
2012-08-10 10:34:00
CVE-2012-1098
2012-03-13 10:55:00
CVE-2013-0156
2013-01-13 22:55:00
suse
suse
ruby on rails to 2.3.16 (important)
2013-02-12 10:10:39
ruby on rails to 2.3.16 (important)
2013-02-12 11:04:29
Security update for Ruby on Rails (important)
2013-04-03 20:06:19
checkpoint_advisories
checkpoint_advisories
Ruby on Rails XML Processor YAML Deserialization Code Execution (CVE-2013-0156)
2013-01-20 00:00:00
zdt
zdt
Action Pack Multiple Vulnerabilities
2013-01-09 00:00:00
Ruby On Rails XML Processor YAML Deserialization Code Execution
2013-01-11 00:00:00
kitploit
kitploit
[Nmap v6.40] Free Security Scanner For Network Exploration & Security Audits
2013-08-21 01:33:00
saint
saint
Ruby on Rails XML Processor YAML Deserialization
2013-02-15 00:00:00
Ruby on Rails XML Processor YAML Deserialization
2013-02-15 00:00:00
Ruby on Rails XML Processor YAML Deserialization
2013-02-15 00:00:00
veracode
veracode
Denial Of Service (DoS) Memory Consumption, Arbitrary Code Execution And Object-injection Attacks
2019-01-15 08:53:34
Arbitrary Code Execution, SQL Injection Attacks And Authentication Bypass
2019-01-15 08:54:45
Database Authorization Bypass
2019-01-15 09:01:52
cert
cert
Ruby on Rails Action Pack framework insecurely typecasts YAML and Symbol XML parameters
2013-01-08 00:00:00
Ruby on Rails 3.0 and 2.3 JSON Parser vulnerability
2013-01-28 00:00:00
debian
debian
[SECURITY] [DLA 172-1] libextlib-ruby security update
2015-03-14 19:01:22
[SECURITY] [DSA 2604-1] rails security update
2013-01-09 19:17:20
[SECURITY] [DSA 2609-1] rails security update
2013-01-16 21:17:01
threatpost
threatpost
Ruby on Rails Exploit Harvests IRC Botnet
2013-05-28 18:56:05
Exploit Code, Metasploit Module Out for Ruby on Rails Flaws
2013-01-10 15:01:40
Some Versions of Ruby on Rails Vulnerable to New Parsing Attack
2013-01-29 17:47:51
seebug
seebug
Ruby on Rails JSON Processor YAML Deserialization Code Execution
2013-02-03 00:00:00
Ruby on Rails XML Processor YAML Deserialization Code Execution
2014-07-01 00:00:00
Ruby on Rails不安全查询生成漏洞
2013-01-10 00:00:00
thn
thn
Ruby on Rails exploit could hijack unpatched servers for botnet
2013-05-30 16:53:00
Ruby on Rails exploit could hijack unpatched servers for botnet
2013-05-31 03:53:00
rubygems
rubygems
CVE-2012-3464 rubygem-actionpack: potential XSS vulnerability
2012-08-08 20:00:00
CVE-2012-1098 rubygem-activesupport: XSS in SafeBuffer#[] (unescaped safe buffers can be marked as safe)
2012-02-29 20:00:00
CVE-2013-0156 rubygem-activesupport: Multiple vulnerabilities in parameter parsing in ActionPack
2013-01-07 20:00:00
exploitdb
exploitdb
Ruby on Rails - JSON Processor YAML Deserialization Code Execution (Metasploit)
2013-01-29 00:00:00
Ruby on Rails - XML Processor YAML Deserialization Code Execution (Metasploit)
2013-01-10 00:00:00

8.2 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.973 High

EPSS

Percentile

99.9%

JSON
Related for OPENVAS:1361412562310865237
fedora22openvas51ics1nessus16freebsd1ubuntucve8github10osv11cve10gitlab5prion10packetstorm2metasploit4redhat2debiancve8suse5checkpoint_advisories1zdt2kitploit1saint4veracode3cert2debian3threatpost3seebug3thn2rubygems7exploitdb2