Lucene search
K

11 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2023-22794

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in ActiveRecord 6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the annotate...

8.8CVSS6.4AI score0.02153EPSS
Exploits1References2
OPENSUSE Linux
OPENSUSE Linux
added 2025/05/18 12:0 a.m.8 views

ruby3.4-rubygem-activerecord-7.0-7.0.8.6-1.3 on GA media (moderate)

ruby3.4-rubygem-activerecord-7.0-7.0.8.6-1.3 on GA media Announcement ID: openSUSE-SU-2025:15112-1 Rating: moderate Cross-References: CVE-2022-32224 CVE-2022-44566 CVE-2023-22794 CVE-2023-38037 CVSS scores: CVE-2022-32224 SUSE : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-44566 SUSE :...

7CVSS7.4AI score0.02386EPSS
Exploits3
Debian
Debian
added 2023/03/13 3:6 a.m.155 views

[SECURITY] [DSA 5372-1] rails security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5372-1 [email protected] https://www.debian.org/security/ Aron Xu March 13, 2023 https://www.debian.org/security/faq - -------------------------------------------------------------------------...

9.8CVSS7.8AI score0.04182EPSS
Exploits2
OSV
OSV
added 2023/03/01 11:4 a.m.5 views

OESA-2023-1132 rubygem-activerecord security update

Implements the ActiveRecord pattern Fowler, PoEAA for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL. Security Fixes: A denial of service vulnerability present in...

8.8CVSS7.4AI score0.02153EPSS
Exploits2References3
NVD
NVD
added 2023/02/09 8:15 p.m.17 views

CVE-2023-22794

A vulnerability in ActiveRecord 6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the annotate query method, the optimizerhints query method, or through the QueryLogs interface which automatically adds annotations, it may be sent t...

8.8CVSS9.1AI score0.02153EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/02/09 12:0 a.m.37 views

CVE-2023-22794

A vulnerability in ActiveRecord 6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the annotate query method, the optimizerhints query method, or through the QueryLogs interface which automatically adds annotations, it may be sent t...

9AI score0.02153EPSS
Exploits1References3
CVE
CVE
added 2023/02/09 12:0 a.m.277 views

CVE-2023-22794

CVE-2023-22794 affects ActiveRecord versions

8.8CVSS8.6AI score0.02153EPSS
Exploits1References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/02/01 12:0 a.m.34 views

Fedora 38 : rubygem-actioncable / rubygem-actionmailbox / rubygem-actionmailer / etc (2023-f60cca0686)

The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-f60cca0686 advisory. Upgrade to Ruby on Rails 7.0.4.2. Fixes numerous CVEs: https://rubyonrails.org/2023/1/17/Rails- Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released...

8.8CVSS7.3AI score0.02278EPSS
Exploits2References7
OSV
OSV
added 2023/01/18 6:20 p.m.27 views

GHSA-HQ7P-J377-6V63 SQL Injection Vulnerability via ActiveRecord comments

There is a possible vulnerability in ActiveRecord related to the sanitization of comments. This vulnerability has been assigned the CVE identifier CVE-2023-22794. Versions Affected: = 6.0.0 Not affected: All users running an affected release should either upgrade or use one of the workarounds...

8.8CVSS8.6AI score0.02153EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2023/01/18 6:20 p.m.41 views

SQL Injection Vulnerability via ActiveRecord comments

There is a possible vulnerability in ActiveRecord related to the sanitization of comments. This vulnerability has been assigned the CVE identifier CVE-2023-22794. Versions Affected: = 6.0.0 Not affected: All users running an affected release should either upgrade or use one of the workarounds...

8.8CVSS8.7AI score0.02153EPSS
Exploits1References8Affected Software1
RubySec
RubySec
added 2023/01/18 12:0 a.m.40 views

SQL Injection Vulnerability via ActiveRecord comments

There is a possible vulnerability in ActiveRecord related to the sanitization of comments. This vulnerability has been assigned the CVE identifier CVE-2023-22794. Versions Affected: = 6.0.0 Not affected: All users running an affected release should either upgrade or use one of the workarounds...

8.8CVSS8.6AI score0.02153EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder