6 matches found
SUSE CVE-2024-53988
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...
PT-2024-35999
Name of the Vulnerable Software and Affected Versions: rails-html-sanitizer version 1.6.0 Description: A possible XSS vulnerability exists with certain configurations of Rails::HTML::Sanitizer when used with Rails = 7.1.0. This vulnerability may allow an attacker to inject content if HTML5...
PT-2023-10172 · Unknown · Vaultpress Plugin +1
Name of the Vulnerable Software and Affected Versions: VaultPress Plugin versions up to 1.6.0 Description: A critical issue has been found in the VaultPress Plugin, affecting the protect aioseo ajax function of the class.vaultpress-hotfixes.php file in the MailPoet Plugin component. This issue...
PT-2022-21350
Name of the Vulnerable Software and Affected Versions jmespath.rb versions prior to 1.6.1 Description The issue arises from jmespath.rb using JSON.load in a situation where JSON.parse is preferable, potentially leading to remote code execution. Recommendations For versions prior to 1.6.1, update ...
Elasticsearch remote code execution CVE-2015-5377
Summary Elasticsearch versions prior to 1.6.1 are vulnerable to an engineered attack on its transport protocol that enables remote code execution. This issue is related to the Groovy announcement in CVE-2015-3253. Deployments are vulnerable even when Groovy dynamic scripting is disabled. We have...
PT-2015-6250 · Docker +2 · Docker Engine +3
Name of the Vulnerable Software and Affected Versions: Docker Engine versions prior to 1.6.1 Description: The issue allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image. This is due to weak permissions for certain /proc...