18 matches found
SUSE CVE-2013-6417
actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query...
openSUSE Security Update : rubygem-actionpack-3_2 (openSUSE-SU-2013:1906-1)
fix CVE-2013-4491: rubygem-actionpack: i18n missing translation XSS bnc853625. File CVE-2013-4491.patch contains the patch - fix CVE-2013-6414: rubygem-actionpack: Action View DoS bnc853633. File CVE-2013-6414.patch contains the patch. - fix CVE-2013-6415: rubygem-actionpack: numbertocurrency XSS...
openSUSE Security Update : rubygem-actionpack-3_2 (openSUSE-SU-2013:1907-1)
fix CVE-2013-4491: rubygem-actionpack: i18n missing translation XSS bnc853625. File CVE-2013-4491.patch contains the patch - fix CVE-2013-6414: rubygem-actionpack: Action View DoS bnc853633. File CVE-2013-6414.patch contains the patch. - fix CVE-2013-6415: rubygem-actionpack: numbertocurrency XSS...
openSUSE Security Update : rubygem-actionpack-3_2 (openSUSE-SU-2013:1904-1)
fix CVE-2013-4491: rubygem-actionpack: i18n missing translation XSS bnc853625. File CVE-2013-4491.patch contains the patch - fix CVE-2013-6414: rubygem-actionpack: Action View DoS bnc853633. File CVE-2013-6414.patch contains the patch. - fix CVE-2013-6415: rubygem-actionpack: numbertocurrency XSS...
openSUSE Security Update : rubygem-actionpack-3_2 (openSUSE-SU-2014:0009-1)
This update fixes the following security issues with rubygem-actionpack-32 : - fix CVE-2013-4389: rubygem-actionmailer-31: possible DoS vulnerability in the log subscriber component bnc846239 File CVE-2013-4389.patch contains the fix. - fix CVE-2013-4491: rubygem-actionpack: i18n missing...
Fedora Update for rubygem-actionpack FEDORA-2014-6098
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for rubygem-actionpack FEDORA-2014-6127
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Important: Red Hat Security Advisory: cfme security, bug fix, and enhancement update
Updated cfme packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat CloudForms 3.0. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, whi...
[SECURITY] [DSA 2888-1] ruby-actionpack-3.2 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2888-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 27, 2014 http://www.debian.org/security/faq -...
Debian DSA-2888-1 : ruby-actionpack-3.2 - security update
Toby Hsieh, Peter McLarnan, Ankit Gupta, Sudhir Rao and Kevin Reintjes discovered multiple cross-site scripting and denial of service vulnerabilities in Ruby Actionpack. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
Puppet Enterprise 3.x < 3.1.1 Multiple Vulnerabilities
According to its self-reported version number, the Puppet Enterprise 3.x install on the remote host is prior to 3.1.1. As a result, it is reportedly affected by multiple vulnerabilities : - An input validation error exists related to the included Ruby version, handling string to floating point...
Fedora Update for rubygem-actionpack FEDORA-2014-3232
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for rubygem-actionpack FEDORA-2013-23636
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for rubygem-actionpack FEDORA-2014-0970
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2013-6417
actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query...
CVE-2013-6417
actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query...
CVE-2013-6417
actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query...
rails -- multiple vulnerabilities
Rails weblog: Rails 3.2.16 and 4.0.2 have been released! These two releases contain important security fixes, so please upgrade as soon as possible! In order to make upgrading as smooth as possible, we've only included commits directly related to each security issue. The security fixes in 3.2.16...