Lucene search
K

44 matches found

Tenable Nessus
Tenable Nessus
added 2023/05/26 12:0 a.m.25 views

SUSE SLES15 Security Update : rmt-server (SUSE-SU-2023:2294-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2294-1 advisory. Updated to version 2.13: - CVE-2023-28120: Fixed a potential XSS issue in an embedded dependency bsc1209507. - CVE-2023-27530: Fixe...

7.5CVSS6.6AI score0.0183EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2023/05/26 12:0 a.m.22 views

SUSE SLES15 / openSUSE 15 Security Update : rmt-server (SUSE-SU-2023:2295-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2295-1 advisory. Updated to version 2.13: - CVE-2023-28120: Fixed a potential XSS issue in an embedded dependency bsc1209507. -...

7.5CVSS6.6AI score0.0183EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2023/05/26 12:0 a.m.21 views

SUSE SLES15 Security Update : rmt-server (SUSE-SU-2023:2304-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2304-1 advisory. Updated to version 2.13: - CVE-2023-28120: Fixed a potential XSS issue in an embedded dependency bsc1209507. - CVE-2023-27530: Fixe...

7.5CVSS6.6AI score0.0183EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2023/05/25 12:0 a.m.29 views

SUSE SLES15 Security Update : rmt-server (SUSE-SU-2023:2280-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2280-1 advisory. Updated to version 2.13: - CVE-2023-28120: Fixed a potential XSS issue in an embedded dependency bsc1209507. - CVE-2023-27530: Fixe...

7.5CVSS6.6AI score0.0183EPSS
Exploits0References13
RedHat Linux
RedHat Linux
added 2023/04/26 7:58 a.m.49 views

Moderate: Red Hat Security Advisory: Logging Subsystem 5.6.5 - Red Hat OpenShift security update

Logging Subsystem 5.6.5 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the Referenc...

5.3CVSS6.5AI score0.01063EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2023/04/05 12:0 a.m.27 views

Fedora 37 : rubygem-actioncable / rubygem-actionmailbox / rubygem-actionmailer / etc (2023-7002afbbb8)

The remote Fedora 37 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-7002afbbb8 advisory. Update to Ruby on Rails 7.0.4.3. https://rubyonrails.org/2023/3/13/Rails-7-0-4-3-and-6-1-7-3-have-been-released Tenable has extracted the preceding...

5.3CVSS6.5AI score0.00907EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2023/03/19 2:12 p.m.56 views

CVE-2023-28120

A Cross-Site-Scripting vulnerability was found in rubygem ActiveSupport. If the new bytesplice method is called on a SafeBuffer with untrusted user input, malicious code could be executed. Mitigation Avoid calling bytesplice on a SafeBuffer htmlsafe string with untrusted user input...

6.1CVSS2.5AI score0.00907EPSS
Exploits0References4
Veracode
Veracode
added 2023/03/17 2:41 a.m.19 views

Cross-site Scripting (XSS)

activesupport is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to outputsafety.rb when the new bytesplice method is called on a SafeBuffer with untrusted user input, because the htmlsafe tag is not removed after being mutated which allows an attacker to inject and execute...

5.3CVSS2.7AI score0.00907EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2023/03/15 9:36 p.m.43 views

Possible XSS Security Vulnerability in SafeBuffer#bytesplice

There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. This vulnerability has been assigned the CVE identifier CVE-2023-28120. Versions Affected: All. Not affected: None Fixed Versions: 7.0.4.3, 6.1.7.3 Impact ActiveSupport uses...

5.3CVSS3.4AI score0.00907EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2023/03/15 9:36 p.m.54 views

GHSA-PJ73-V5MW-PM9J Possible XSS Security Vulnerability in SafeBuffer#bytesplice

There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. This vulnerability has been assigned the CVE identifier CVE-2023-28120. Versions Affected: All. Not affected: None Fixed Versions: 7.0.4.3, 6.1.7.3 Impact ActiveSupport uses...

5.3CVSS5.7AI score0.00907EPSS
Exploits0References8
GitLab Advisory Database
GitLab Advisory Database
added 2023/03/15 12:0 a.m.31 views

Possible XSS Security Vulnerability in SafeBuffer#bytesplice

There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. This vulnerability has been assigned the CVE identifier CVE-2023-28120. Versions Affected: All. Not affected: None Fixed Versions: 7.0.4.3, 6.1.7.3 Impact ActiveSupport uses...

3.4AI score0.00907EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2023/03/15 12:0 a.m.4 views

PT-2023-21578 · Ruby +1 · Active Support +1

Name of the Vulnerable Software and Affected Versions: ActiveSupport versions prior to 7.0.4.3 ActiveSupport versions prior to 6.1.7.3 Description: There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. This issue arises because...

7.8CVSS5.6AI score0.0183EPSS
Exploits1References53
RubySec
RubySec
added 2023/03/13 12:0 a.m.29 views

Possible XSS Security Vulnerability in SafeBuffer#bytesplice

There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. This vulnerability has been assigned the CVE identifier CVE-2023-28120. Versions Affected: All. Not affected: None Fixed Versions: 7.0.4.3, 6.1.7.3 Impact ActiveSupport uses...

5.3CVSS3.4AI score0.00907EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.43 views

activesupport Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods...

4.3CVSS4.3AI score0.02137EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2017/10/24 6:33 p.m.38 views

GHSA-QV8P-V9QW-WC7G activesupport Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods...

4.3CVSS5.1AI score0.02137EPSS
Exploits0References7
OSV
OSV
added 2012/03/13 10:55 a.m.9 views

CVE-2012-1098

Cross-site scripting XSS vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods...

5.4AI score
Exploits0References6
NVD
NVD
added 2012/03/13 10:55 a.m.15 views

CVE-2012-1098

Cross-site scripting XSS vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods...

4.3CVSS5.5AI score0.02137EPSS
Exploits0References6
Prion
Prion
added 2012/03/13 10:55 a.m.26 views

Cross site scripting

Cross-site scripting XSS vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods...

4.3CVSS5.9AI score0.02137EPSS
Exploits0References6Affected Software2
UbuntuCve
UbuntuCve
added 2012/03/13 10:55 a.m.38 views

CVE-2012-1098

Cross-site scripting XSS vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods...

4.3CVSS6AI score0.02137EPSS
Exploits0References4
Cvelist
Cvelist
added 2012/03/13 10:0 a.m.36 views

CVE-2012-1098

Cross-site scripting XSS vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods...

5.3AI score0.02137EPSS
Exploits0References6
Rows per page
Query Builder