Lucene search
Copyright (C) 2013 Greenbone AGOPENVAS:1361412562310865378HistoryFeb 22, 2013 - 12:00 a.m.
Fedora Update for rubygem-activemodel FEDORA-2013-2391
2013-02-2200:00:00
Copyright (C) 2013 Greenbone AG
plugins.openvas.org
13
8.1 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.973 High
EPSS
Percentile
99.9%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2013 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_xref(name:"URL", value:"http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099036.html");
script_oid("1.3.6.1.4.1.25623.1.0.865378");
script_version("2023-06-21T05:06:23+0000");
script_tag(name:"last_modification", value:"2023-06-21 05:06:23 +0000 (Wed, 21 Jun 2023)");
script_tag(name:"creation_date", value:"2013-02-22 09:59:54 +0530 (Fri, 22 Feb 2013)");
script_cve_id("CVE-2013-0276", "CVE-2013-0155", "CVE-2013-0156");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_xref(name:"FEDORA", value:"2013-2391");
script_name("Fedora Update for rubygem-activemodel FEDORA-2013-2391");
script_tag(name:"summary", value:"The remote host is missing an update for the 'rubygem-activemodel'
package(s) announced via the referenced advisory.");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2013 Greenbone AG");
script_family("Fedora Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC17");
script_tag(name:"affected", value:"rubygem-activemodel on Fedora 17");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
if(release == "FC17")
{
if ((res = isrpmvuln(pkg:"rubygem-activemodel", rpm:"rubygem-activemodel~3.0.11~3.fc17", rls:"FC17")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
Related
fedora
fedora
[SECURITY] Fedora 17 Update: rubygem-activemodel-3.0.11-3.fc17
2013-02-21 05:38:11
[SECURITY] Fedora 18 Update: rubygem-activesupport-3.2.8-2.fc18
2013-01-20 03:40:48
[SECURITY] Fedora 16 Update: rubygem-activemodel-3.0.10-2.fc16
2013-01-23 01:34:00
openvas
openvas
Fedora Update for rubygem-activemodel FEDORA-2013-2391
2013-02-22 00:00:00
Fedora Update for rubygem-activemodel FEDORA-2013-0686
2013-01-24 00:00:00
Fedora Update for rubygem-activemodel FEDORA-2013-0686
2013-01-24 00:00:00
ics
ics
nessus
nessus
freebsd
freebsd
rubygem-rails -- multiple vulnerabilities
2013-01-08 00:00:00
Ruby Activemodel Gem -- Circumvention of attr_protected
2013-02-11 00:00:00
suse
suse
Security update for Ruby on Rails (important)
2013-04-03 20:06:19
Security update for Ruby On Rails (important)
2013-03-19 18:04:46
ruby on rails to 2.3.16 (important)
2013-02-12 10:10:39
osv
osv
ActiveRecord vulnerable to modification of protected model attributes
2017-10-24 18:33:37
actionpack Improper Input Validation vulnerability
2017-10-24 18:33:37
rails - insufficient input validation
2013-01-09 00:00:00
github
github
ActiveRecord vulnerable to modification of protected model attributes
2017-10-24 18:33:37
actionpack Improper Input Validation vulnerability
2017-10-24 18:33:37
nori contains Improper Input Validation
2017-10-24 18:33:37
gitlab
gitlab
Circumvention of attr_protected
2013-02-12 00:00:00
Circumvention of attr_protected
2013-02-12 00:00:00
Multiple vulnerabilities in parameter parsing in Action Pack
2013-01-13 00:00:00
seebug
seebug
Ruby on Rails 远程安全绕过漏洞(CVE-2013-0276)
2013-03-07 00:00:00
Ruby on Rails XML Processor YAML Deserialization Code Execution
2014-07-01 00:00:00
Ruby on Rails JSON Processor YAML Deserialization Code Execution
2013-02-03 00:00:00
debiancve
debiancve
prion
prion
Cross site request forgery (csrf)
2013-02-13 01:55:00
Type confusion
2013-01-13 22:55:00
Type confusion
2013-04-09 20:55:00
cve
cve
ubuntucve
ubuntucve
packetstorm
packetstorm
Ruby On Rails XML Processor YAML Deserialization Code Execution
2013-01-11 00:00:00
Ruby on Rails JSON Processor YAML Deserialization Code Execution
2013-01-29 00:00:00
metasploit
metasploit
Ruby on Rails XML Processor YAML Deserialization Scanner
2013-01-09 18:50:38
Ruby on Rails JSON Processor YAML Deserialization Scanner
2013-02-11 22:48:44
Ruby on Rails XML Processor YAML Deserialization Code Execution
2013-01-10 05:10:13
redhat
redhat
(RHSA-2013:0153) Critical: Ruby on Rails security update
2013-01-10 00:00:00
(RHSA-2013:0154) Critical: Ruby on Rails security update
2013-01-10 20:37:00
saint
saint
Ruby on Rails XML Processor YAML Deserialization
2013-02-15 00:00:00
Ruby on Rails XML Processor YAML Deserialization
2013-02-15 00:00:00
Ruby on Rails XML Processor YAML Deserialization
2013-02-15 00:00:00
veracode
veracode
Denial Of Service (DoS) Memory Consumption, Arbitrary Code Execution And Object-injection Attacks
2019-01-15 08:53:34
Arbitrary Code Execution, SQL Injection Attacks And Authentication Bypass
2019-01-15 08:54:45
Database Authorization Bypass
2019-01-15 09:01:52
cert
cert
Ruby on Rails Action Pack framework insecurely typecasts YAML and Symbol XML parameters
2013-01-08 00:00:00
Ruby on Rails 3.0 and 2.3 JSON Parser vulnerability
2013-01-28 00:00:00
debian
debian
[SECURITY] [DLA 172-1] libextlib-ruby security update
2015-03-14 19:01:22
[SECURITY] [DSA 2604-1] rails security update
2013-01-09 19:17:20
[SECURITY] [DSA 2609-1] rails security update
2013-01-16 21:17:01
checkpoint_advisories
checkpoint_advisories
zdt
zdt
Action Pack Multiple Vulnerabilities
2013-01-09 00:00:00
Ruby On Rails XML Processor YAML Deserialization Code Execution
2013-01-11 00:00:00
kitploit
kitploit
threatpost
threatpost
Exploit Code, Metasploit Module Out for Ruby on Rails Flaws
2013-01-10 15:01:40
Ruby on Rails Exploit Harvests IRC Botnet
2013-05-28 18:56:05
Some Versions of Ruby on Rails Vulnerable to New Parsing Attack
2013-01-29 17:47:51
thn
thn
Ruby on Rails exploit could hijack unpatched servers for botnet
2013-05-31 03:53:00
Ruby on Rails exploit could hijack unpatched servers for botnet
2013-05-30 16:53:00
rubygems
rubygems
securityvulns
securityvulns
[SECURITY] [DSA 2620-1] rails security update
2013-02-18 00:00:00
exploitdb
exploitdb
nmap
nmap
http-vuln-cve2013-0156 NSE Script
2013-04-25 03:15:33
8.1 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.973 High
EPSS
Percentile
99.9%
Related for OPENVAS:1361412562310865378