OpenSSL -- Multiple vulnerabilities
The OpenSSL project reports: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) Severity: Moderate There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very...
Virtuozzo Linux Errata and Security Advisory 2017:3071 Moderate
Upstream security update. Follow RHSA-2017:3071 for details...
Moderate severity vulnerability that affects rails
Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values...
GHSA-FJFG-Q662-GM6J Moderate severity vulnerability that affects rails
Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple (XML::Simple) unsafely, as demonstrated by reading passwords fro...
GHSA-QPJP-7RP2-9C3F Moderate severity vulnerability that affects validator
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag...
Moderate severity vulnerability that affects handlebars
Withdrawn: Duplicate of GHSA-9prh-257w-9277...
Moderate severity vulnerability that affects validator
Withdrawn: Duplicate of GHSA-79mx-88w7-8f7q...
Moderate severity vulnerability that affects ember
Withdrawn, accidental duplicate publish. Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web scrip...
GHSA-9959-C6Q6-6QP3 Moderate severity vulnerability that affects validator
Withdrawn: Duplicate of GHSA-79mx-88w7-8f7q...
Moderate severity vulnerability that affects validator
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag...
GHSA-552W-RQG8-GXXM Moderate severity vulnerability that affects validator
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing...
GHSA-RH6C-Q938-3R9Q Moderate severity vulnerability that affects validator
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via a crafted javascript URI...
Moderate severity vulnerability that affects rails
The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, which allows remote...
actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...
Moderate severity vulnerability that affects rails
Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values...
Moderate severity vulnerability that affects rails
Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple (XML::Simple) unsafely, as demonstrated by reading passwords fro...
Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet
Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan...
Moderate severity vulnerability that affects rails
Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."...
Moderate severity vulnerability that affects rails
CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function...
Moderate Photon OS Security Update - PHSA-2017-0079
Updates of 'libxml2', 'go', 'cairo', 'openvswitch' packages of Photon OS have been released...