Lucene search
+L

148 matches found

Tenable Nessus
Tenable Nessus
added 2025/06/18 12:0 a.m.22 views

Siemens Active Devices Detection

The current plugin identifies Siemens devices that are still under active support. Siemens Lifecycle Statuses: - 'PM300:Active Product': Most current offering within a product category. - 'PM400:Announcement of product phase-out': Product in phase-out, support and orders still possible. -...

5.5AI score
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/02/12 12:0 a.m.9 views

The vulnerability of the Active Support PostgreSQL Ruby interpreter component, which allows a hacker to trigger a service failure.

The vulnerability of the Active Support PostgreSQL Ruby interpreter’s component is related to insufficient validation of data entered by users in the Inflector.underscore. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

7.8CVSS6.2AI score0.01712EPSS
Exploits0References6Affected Software5
Redos
Redos
added 2025/02/03 12:0 a.m.11 views

ROS-20250203-15

Vulnerability in Active Support PostgreSQL component of Ruby interpreter is related to insufficient validation of user input in Active Support in Inflector.underscore. user input data in Active Support in Inflector.underscore. Exploitation of the vulnerability could allow an attacker acting...

7.5CVSS6.6AI score0.01712EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2025/01/09 1:15 a.m.33 views

CVE-2023-38037

ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current umask settings, meaning that it's possible for other users on the same system to read the contents of the temporary file. Attackers that ha...

5.5CVSS6AI score0.00258EPSS
Exploits0References5
OSV
OSV
added 2025/01/09 1:15 a.m.4 views

UBUNTU-CVE-2023-28120

There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input...

5.3CVSS6.6AI score0.00923EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/12/16 12:0 a.m.3 views

Rockwell Automation Active Devices Detection

The current plugin identifies Rockwell devices that are still under active support. Rockwell Lifecycle Statuses: - Active: Most current offering within a product category. - Active Mature: Product is fully supported, but a newer product or family exists. Gain value by migrating. - End of Life:...

5.5AI score
Exploits0References1
OSV
OSV
added 2024/07/05 11:8 a.m.4 views

OESA-2024-1798 rubygem-activesupport security update

A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing. Security Fixes: A Cross-Site-Scripting vulnerability was found in rubygem ActiveSupport. If the new bytesplice method is...

5.3CVSS7AI score0.00923EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:46 p.m.5 views

Malicious code in active-support_alias_class_method (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6cfc1616aa024f728d669fa8717843341bb80af22ed47bde99368873970fa507 --- Credit: OpenSSF source...

5.3AI score
Exploits0References3
OSV
OSV
added 2023/08/23 8:36 p.m.47 views

GHSA-CR5Q-6Q9F-RQ6Q Active Support Possibly Discloses Locally Encrypted Files

There is a possible file disclosure of locally encrypted files in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-38037. Versions Affected: = 5.2.0 Not affected: 5.2.0 Fixed Versions: 7.0.7.1, 6.1.7.5 Impact ActiveSupport::EncryptedFile writes contents that will b...

5.5CVSS4.5AI score0.00258EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/08/23 12:0 a.m.4 views

PT-2023-26260

Name of the Vulnerable Software and Affected Versions Active Support versions 5.2.0 through 7.0.7.0 Active Support versions 6.1.7.4 and earlier Description The issue arises from ActiveSupport::EncryptedFile writing contents to a temporary file with permissions defaulted to the user's current umas...

9.8CVSS6AI score0.02386EPSS
Exploits6References77
GitLab Advisory Database
GitLab Advisory Database
added 2023/08/23 12:0 a.m.33 views

Active Support Possibly Discloses Locally Encrypted Files

There is a possible file disclosure of locally encrypted files in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-38037. Versions Affected: = 5.2.0 Not affected: 5.2.0 Fixed Versions: 7.0.7.1, 6.1.7.5 Impact ActiveSupport::EncryptedFile writes contents that will b...

6.5AI score0.00258EPSS
Exploits0References4Affected Software1
RubySec
RubySec
added 2023/08/23 12:0 a.m.51 views

Possible File Disclosure of Locally Encrypted Files

There is a possible file disclosure of locally encrypted files in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-38037. Versions Affected: = 5.2.0 Not affected: 5.2.0 Fixed Versions: 7.0.7.1, 6.1.7.5 Impact ActiveSupport::EncryptedFile writes contents that will b...

5.5CVSS5.3AI score0.00258EPSS
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2023/06/04 7:58 a.m.60 views

Internet Bug Bounty: [CVE-2023-22796] Possible ReDoS based DoS vulnerability in Active Support’s underscore

A regular expression based Denial of Service DoS vulnerability was discovered in Active Support. The vulnerability allowed for a specially crafted string to cause the regular expression engine to enter a state of catastrophic backtracking, leading to excessive CPU and memory usage. The...

7.5CVSS7.3AI score0.01712EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/03/21 3:13 a.m.3 views

SUSE CVE-2023-28120

There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input...

4.2CVSS6.9AI score0.00923EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2023/03/14 12:0 a.m.72 views

Debian DSA-5372-1 : rails - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5372 advisory. Multiple vulnerabilities were discovered in rails, the Ruby based server-side MVC web application framework, which could result in XSS, data disclosure and open...

9.8CVSS7.4AI score0.04182EPSS
Exploits2References24
OSV
OSV
added 2023/03/04 11:5 a.m.5 views

OESA-2023-1140 rubygem-activesupport security update

A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization,time zones, and testing. Security Fixes: A regular expression based DoS vulnerability in Active Support 6.1.7.1 and 7.0.4.1. A specially crafted...

7.5CVSS7AI score0.01712EPSS
Exploits0References2
OSV
OSV
added 2023/02/24 11:4 a.m.3 views

OESA-2023-1130 rubygem-activesupport security update

A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing. Security Fixes: A regular expression based DoS vulnerability in Active Support 6.1.7.1 and 7.0.4.1. A specially crafted...

7.5CVSS7AI score0.01712EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:45 a.m.4 views

SUSE CVE-2012-3464

Cross-site scripting XSS vulnerability in activesupport/lib/activesupport/coreext/string/outputsafety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' quote character...

4.3CVSS6AI score0.02568EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:39 a.m.4 views

SUSE CVE-2013-1856

The ActiveSupport::XmlMiniJDOM backend in lib/activesupport/xmlmini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is used, does not properly restrict the capabilities of the XML parser, which allows remote attackers to...

5.8CVSS6.6AI score0.02054EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:19 a.m.6 views

SUSE CVE-2015-3227

The 1 jdom.rb and 2 rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service SystemStackError via a large XML document depth...

5CVSS6.9AI score0.04261EPSS
Exploits0References5
Rows per page
Query Builder