146 matches found

RedHat Linux
added 2026/05/07 6:0 p.m. (3 views)

Rails: Active Support: Active Support: Denial of Service via large scientific notation strings

A flaw was found in Active Support, a toolkit of support libraries for Ruby on Rails. A remote attacker can exploit this vulnerability by providing specially crafted strings containing scientific notation e.g., "1e10000" to number helpers. This input causes the BigDecimal component to expand into...

CVSS 8.7 | AI score 5.8 | EPSS 0.00032
Exploits: 0 | References: 11

RedHat Linux
added 2026/05/07 5:29 p.m. (11 views)

Important: Red Hat Security Advisory: Satellite 6.17.8 Async Update

A new release is now available for Red Hat Satellite 6.17 for RHEL 9. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs...

CVSS 9.8 | AI score 7.2 | EPSS 0.00385
Exploits: 3 | References: 16

RedHat Linux
added 2026/05/07 5:29 p.m. (5 views)

Rails: Active Support: Active Support: Denial of Service via large scientific notation strings

A flaw was found in Active Support, a toolkit of support libraries for Ruby on Rails. A remote attacker can exploit this vulnerability by providing specially crafted strings containing scientific notation e.g., "1e10000" to number helpers. This input causes the BigDecimal component to expand into...

CVSS 8.7 | AI score 5.8 | EPSS 0.00032
Exploits: 0 | References: 11

RedHat Linux
added 2026/05/07 5:9 p.m. (4 views)

Rails: Active Support: Active Support: Denial of Service via large scientific notation strings

A flaw was found in Active Support, a toolkit of support libraries for Ruby on Rails. A remote attacker can exploit this vulnerability by providing specially crafted strings containing scientific notation e.g., "1e10000" to number helpers. This input causes the BigDecimal component to expand into...

CVSS 8.7 | AI score 5.8 | EPSS 0.00032
Exploits: 0 | References: 11

RedHat Linux
added 2026/05/07 5:9 p.m. (15 views)

Important: Red Hat Security Advisory: Satellite 6.18.5 Async Update

A new release is now available for Red Hat Satellite 6.18 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 9.8 | AI score 7.5 | EPSS 0.05295
Exploits: 3 | References: 23

Tenable Nessus
added 2026/05/07 12:0 a.m. (9 views)

RHEL 9 : Satellite 6.18.5 Async Update (Important) (RHSA-2026:14835)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:14835 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity t...

CVSS 9.8 | AI score 7.2 | EPSS 0.05295
Exploits: 3 | References: 32

Tenable Nessus
added 2026/05/07 12:0 a.m. (7 views)

RHEL 9 : Satellite 6.17.8 Async Update (Important) (RHSA-2026:14873)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:14873 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity t...

CVSS 9.8 | AI score 6.9 | EPSS 0.00385
Exploits: 3 | References: 22

Tenable Nessus
added 2026/04/15 12:0 a.m. (0 views)

Tripp Lite Active Devices Detection

The current plugin identifies Tripp Lite devices that are still under active support. Tripp Lite Lifecycle Statuses: - Active: Product is currently available and supported. - Discontinued: Product no longer manufactured or procured. ...

AI score 5.8
Exploits: 0 | References: 1

Veracode
added 2026/03/28 5:31 a.m. (2 views)

Denial Of Service (DoS)

Active Support is vulnerable to Denial of Service. The vulnerability is due to the acceptance of strings containing scientific notation by Active Support number helpers, where the conversion of these strings to extremely large decimal representations can cause excessive memory allocation and CPU...

CVSS 8.7 | AI score 5.9 | EPSS 0.00032
Exploits: 0 | References: 7 | Affected Software: 1

Veracode
added 2026/03/28 5:29 a.m. (4 views)

Cross Site Scripting

Active Support is vulnerable to Cross Site Scripting. The vulnerability is due to `SafeBuffer#%` not propagating the `@html_unsafe` flag to the newly created buffer, where a SafeBuffer is mutated in place and then formatted with `%` using untrusted arguments, and the result incorrectly reports `html_safe?` ...

CVSS 6.1 | AI score 5.8 | EPSS 0.00011
Exploits: 0 | References: 5 | Affected Software: 1

SUSE CVE
added 2026/03/25 12:24 a.m. (3 views)

SUSE CVE-2026-33169

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...

CVSS 6.9 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 3

SUSE CVE
added 2026/03/25 12:23 a.m. (2 views)

SUSE CVE-2026-33176

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which BigDecimal expands into extremely large...

CVSS 8.7 | AI score 5.9 | EPSS 0.00032
Exploits: 0 | References: 3

Tenable Nessus
added 2026/03/25 12:0 a.m. (2 views)

Linux Distros Unpatched Vulnerability : CVE-2026-33169

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based...

CVSS 6.9 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 3

Tenable Nessus
added 2026/03/25 12:0 a.m. (2 views)

Linux Distros Unpatched Vulnerability : CVE-2026-33170

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1,...

CVSS 6.1 | AI score 6.4 | EPSS 0.00011
Exploits: 0 | References: 3

Tenable Nessus
added 2026/03/25 12:0 a.m. (2 views)

Linux Distros Unpatched Vulnerability : CVE-2026-33176

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1,...

CVSS 8.7 | AI score 6.4 | EPSS 0.00032
Exploits: 0 | References: 3

RedhatCVE
added 2026/03/24 11:13 a.m. (3 views)

CVE-2026-33176

A flaw was found in Active Support, a toolkit of support libraries for Ruby on Rails. A remote attacker can exploit this vulnerability by providing specially crafted strings containing scientific notation e.g., "1e10000" to number helpers. This input causes the BigDecimal component to expand into...

CVSS 8.7 | AI score 5.8 | EPSS 0.00032
Exploits: 0 | References: 10

RedhatCVE
added 2026/03/24 11:12 a.m. (1 view)

CVE-2026-33169

A flaw was found in Active Support, a toolkit of support libraries for the Rails framework. The NumberToDelimitedConverter component, responsible for formatting numbers, uses a regular expression that can lead to a significant slowdown when processing unusually long digit strings. A remote attack...

CVSS 6.9 | AI score 5.7 | EPSS 0.00021
Exploits: 0 | References: 10

RedhatCVE
added 2026/03/24 10:2 a.m. (1 view)

CVE-2026-33170

A flaw was found in Active Support, a toolkit of support libraries for the Rails framework. When a SafeBuffer is modified in place and subsequently formatted with untrusted input, the `@html_unsafe` flag is not correctly propagated. This improper handling causes the buffer to incorrectly report as...

CVSS 6.1 | AI score 5.8 | EPSS 0.00011
Exploits: 0 | References: 10

NVD
added 2026/03/24 12:16 a.m. (4 views)

CVE-2026-33176

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which BigDecimal expands into extremely large...

CVSS 8.7 | EPSS 0.00032
Exploits: 0 | References: 7

OSV
added 2026/03/24 12:16 a.m. (1 view)

DEBIAN-CVE-2026-33176

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which BigDecimal expands into extremely large...

CVSS 7.5 | AI score 4.7 | EPSS 0.00032
Exploits: 0 | References: 1