148 matches found
Siemens Active Devices Detection
The current plugin identifies Siemens devices that are still under active support. Siemens Lifecycle Statuses: - 'PM300:Active Product': Most current offering within a product category. - 'PM400:Announcement of product phase-out': Product in phase-out, support and orders still possible. -...
The vulnerability of the Active Support PostgreSQL Ruby interpreter component, which allows a hacker to trigger a service failure.
The vulnerability of the Active Support PostgreSQL Ruby interpreter’s component is related to insufficient validation of data entered by users in the Inflector.underscore. Exploiting this vulnerability can allow an attacker to cause service failures remotely...
ROS-20250203-15
Vulnerability in Active Support PostgreSQL component of Ruby interpreter is related to insufficient validation of user input in Active Support in Inflector.underscore. user input data in Active Support in Inflector.underscore. Exploitation of the vulnerability could allow an attacker acting...
CVE-2023-38037
ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current umask settings, meaning that it's possible for other users on the same system to read the contents of the temporary file. Attackers that ha...
UBUNTU-CVE-2023-28120
There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input...
Rockwell Automation Active Devices Detection
The current plugin identifies Rockwell devices that are still under active support. Rockwell Lifecycle Statuses: - Active: Most current offering within a product category. - Active Mature: Product is fully supported, but a newer product or family exists. Gain value by migrating. - End of Life:...
OESA-2024-1798 rubygem-activesupport security update
A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing. Security Fixes: A Cross-Site-Scripting vulnerability was found in rubygem ActiveSupport. If the new bytesplice method is...
Malicious code in active-support_alias_class_method (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6cfc1616aa024f728d669fa8717843341bb80af22ed47bde99368873970fa507 --- Credit: OpenSSF source...
GHSA-CR5Q-6Q9F-RQ6Q Active Support Possibly Discloses Locally Encrypted Files
There is a possible file disclosure of locally encrypted files in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-38037. Versions Affected: = 5.2.0 Not affected: 5.2.0 Fixed Versions: 7.0.7.1, 6.1.7.5 Impact ActiveSupport::EncryptedFile writes contents that will b...
PT-2023-26260
Name of the Vulnerable Software and Affected Versions Active Support versions 5.2.0 through 7.0.7.0 Active Support versions 6.1.7.4 and earlier Description The issue arises from ActiveSupport::EncryptedFile writing contents to a temporary file with permissions defaulted to the user's current umas...
Active Support Possibly Discloses Locally Encrypted Files
There is a possible file disclosure of locally encrypted files in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-38037. Versions Affected: = 5.2.0 Not affected: 5.2.0 Fixed Versions: 7.0.7.1, 6.1.7.5 Impact ActiveSupport::EncryptedFile writes contents that will b...
Possible File Disclosure of Locally Encrypted Files
There is a possible file disclosure of locally encrypted files in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-38037. Versions Affected: = 5.2.0 Not affected: 5.2.0 Fixed Versions: 7.0.7.1, 6.1.7.5 Impact ActiveSupport::EncryptedFile writes contents that will b...
Internet Bug Bounty: [CVE-2023-22796] Possible ReDoS based DoS vulnerability in Active Support’s underscore
A regular expression based Denial of Service DoS vulnerability was discovered in Active Support. The vulnerability allowed for a specially crafted string to cause the regular expression engine to enter a state of catastrophic backtracking, leading to excessive CPU and memory usage. The...
SUSE CVE-2023-28120
There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input...
Debian DSA-5372-1 : rails - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5372 advisory. Multiple vulnerabilities were discovered in rails, the Ruby based server-side MVC web application framework, which could result in XSS, data disclosure and open...
OESA-2023-1140 rubygem-activesupport security update
A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization,time zones, and testing. Security Fixes: A regular expression based DoS vulnerability in Active Support 6.1.7.1 and 7.0.4.1. A specially crafted...
OESA-2023-1130 rubygem-activesupport security update
A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing. Security Fixes: A regular expression based DoS vulnerability in Active Support 6.1.7.1 and 7.0.4.1. A specially crafted...
SUSE CVE-2012-3464
Cross-site scripting XSS vulnerability in activesupport/lib/activesupport/coreext/string/outputsafety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' quote character...
SUSE CVE-2013-1856
The ActiveSupport::XmlMiniJDOM backend in lib/activesupport/xmlmini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is used, does not properly restrict the capabilities of the XML parser, which allows remote attackers to...
SUSE CVE-2015-3227
The 1 jdom.rb and 2 rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service SystemStackError via a large XML document depth...