Lucene search
K

537 matches found

Redos
Redos
added 2024/08/28 12:0 a.m.15 views

ROS-20240827-19

The vulnerability in the Ruby interpreter is related to improper neutralization of input data during the generation of a of a web page. Exploitation of the vulnerability could allow an attacker acting locally to conduct cross-site scripting Vulnerability in the Active Storage component of the Rub...

6.1CVSS6.1AI score0.01119EPSS
Exploits1
Redos
Redos
added 2024/08/28 12:0 a.m.14 views

ROS-20240827-20

The vulnerability in the Ruby interpreter is related to improper neutralization of input data during generation of the of a web page. Exploitation of the vulnerability could allow an attacker acting locally to conduct cross-site scripting Vulnerability in the Active Storage component of the Ruby...

6.1CVSS6.1AI score0.01119EPSS
Exploits1
Redos
Redos
added 2024/08/28 12:0 a.m.22 views

ROS-20240827-06

The vulnerability in the Ruby interpreter is related to improper neutralization of input data during the generation of a of a web page. Exploitation of the vulnerability could allow an attacker acting locally to conduct cross-site scripting Vulnerability in the Active Storage component of the Rub...

6.1CVSS6.2AI score0.01119EPSS
Exploits1
GithubExploit
GithubExploit
added 2024/06/20 1:52 a.m.546 views

Exploit for OS Command Injection in Zyxel Nas326_Firmware

CVE-2024-29973 !image-20240619220245325README.assets/Snipa...

9.8CVSS9.5AI score0.86089EPSS
Exploits7
OSV
OSV
added 2024/04/12 11:7 a.m.5 views

OESA-2024-1366 rubygem-activestorage security update

Attach cloud and local files in Rails applications. Security Fixes: Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cooki...

5.3CVSS6.2AI score0.01119EPSS
Exploits0References2
OSV
OSV
added 2024/04/12 11:7 a.m.4 views

OESA-2024-1367 rubygem-activestorage security update

Attach cloud and local files in Rails applications. Security Fixes: Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cooki...

5.3CVSS6.2AI score0.01119EPSS
Exploits0References2
OSV
OSV
added 2024/04/12 11:7 a.m.4 views

OESA-2024-1364 rubygem-activestorage security update

Attach cloud and local files in Rails applications. Security Fixes: Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cooki...

5.3CVSS6.2AI score0.01119EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/03/12 12:0 a.m.30 views

Rocky Linux 8 : firefox (RLSA-2024:0955)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:0955 advisory. - When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read...

8.1CVSS7.9AI score0.00937EPSS
Exploits1References17
OSV
OSV
added 2024/03/06 11:7 a.m.32 views

BIT-SYMFONY-2022-24894

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses including headers and returns them to the clients. In a recent change in the AbstractSessionListener, the response...

8.8CVSS6.8AI score0.00753EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 10:52 a.m.37 views

BIT-DRUPAL-2022-29248 Cross-domain cookie leakage in Guzzle

Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server ...

8.1CVSS7.8AI score0.01239EPSS
Exploits0References6
Ubuntu
Ubuntu
added 2024/03/04 3:2 a.m.60 views

USN-6669-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing,...

8.8CVSS7.8AI score0.02155EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2024/03/04 12:0 a.m.36 views

Debian dla-3747 : firefox-esr - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3747 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3747-1 [email protected]...

8.1CVSS7.5AI score0.00937EPSS
Exploits1References18
CNVD
CNVD
added 2024/03/01 12:0 a.m.32 views

Mozilla Firefox HTTP Header Injection Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from an HTTP header injection vulnerability that stems from a Set-Cookie response header being incorrectly executed in a multipart HTTP response, which can be exploited by an...

6.1CVSS6.8AI score0.00743EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2024/02/29 3:37 a.m.4 views

SUSE CVE-2024-26144

Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain...

5.3CVSS5.3AI score0.01119EPSS
Exploits0References3
Veracode
Veracode
added 2024/02/28 9:45 a.m.21 views

Session Token Disclosure

activestorage is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the Set-Cookie header getting cached when serving blobs if Rails is behind a proxy. Certain proxies may cache the Set-Cookie header, which can result in a users session being disclosed to another user...

5.3CVSS6.5AI score0.01119EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/02/28 12:0 a.m.28 views

AlmaLinux 9 : firefox (ALSA-2024:0952)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0952 advisory. - When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. Thi...

8.1CVSS7.9AI score0.00937EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2024/02/28 12:0 a.m.34 views

AlmaLinux 8 : thunderbird (ALSA-2024:0964)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2024:0964 advisory. - When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. Thi...

8.1CVSS7.9AI score0.00937EPSS
Exploits1References9
OSV
OSV
added 2024/02/27 9:41 p.m.21 views

GHSA-8H22-8CF7-HQ6G Rails has possible Sensitive Session Information Leak in Active Storage

Possible Sensitive Session Information Leak in Active Storage There is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain proxi...

5.3CVSS5.2AI score0.01119EPSS
Exploits0References9
OSV
OSV
added 2024/02/27 4:15 p.m.2 views

DEBIAN-CVE-2024-26144

Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain...

5.3CVSS5.4AI score0.01119EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2024/02/27 4:15 p.m.27 views

CVE-2024-26144

Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain...

5.3CVSS6.1AI score0.01119EPSS
Exploits0References6
Rows per page
Query Builder