Security update for the Linux Kernel (Live Patch 37 for SUSE Linux Enterprise 15 SP4)

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.153 fixes various security issues The following security issues were fixed: CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit bsc1255595. CVE-2023-53781: smc: Fix use-after-free in tcpwritetimerhandl...

TGT2Admin-

🎭 RBCDExploit - Resource-Based Constrained Delegation Attack...

SUSE-SU-2026:0958-1 Security update for the Linux Kernel (Live Patch 72 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise Kernel 4.12.14-122.272 fixes various security issues The following security issues were fixed: - CVE-2022-50423: ACPICA: Fix use-after-free in acpiutcopyipackagetoipackage bsc1250785. - CVE-2022-50697: mrp: introduce active flags to prevent UAF when...

PT-2026-27259

Name of the Vulnerable Software and Affected Versions Rails versions prior to 8.1.2.1 Rails versions prior to 8.0.4.1 Rails versions prior to 7.2.3.1 Description Active Storage in Rails applications allows users to attach files from cloud and local sources. Prior to versions 8.1.2.1, 8.0.4.1, and...

PT-2026-27261

Name of the Vulnerable Software and Affected Versions Active Support versions prior to 8.1.2.1 Active Support versions prior to 8.0.4.1 Active Support versions prior to 7.2.3.1 Description Active Support number helpers are susceptible to a denial-of-service condition. The number helpers accept...

Rails 路径遍历漏洞

Rails is an open-source web application framework based on the Ruby language, developed by the Rails team in the United States. Versions of Rails Active Storage prior to 8.1.2.1, 8.0.4.1, and 7.2.3.1 contained a path traversal vulnerability. This vulnerability stemmed from the lack of verificatio...

Rails 注入漏洞

Rails is an open-source web application framework based on the Ruby language, developed by the Rails team in the United States. There were injection vulnerabilities in versions of Rails Active Storage prior to 8.1.2.1, 8.0.4.1, and 7.2.3.1. These vulnerabilities stemmed from the direct passing of...

Rails 安全漏洞

Rails is an open-source web application framework based on the Ruby language, developed by the Rails team in the United States. There are security vulnerabilities in versions of Rails Active Storage prior to 8.1.2.1, 8.0.4.1, and 7.2.3.1. These vulnerabilities stem from the proxy controller loadi...

PT-2026-27202

Name of the Vulnerable Software and Affected Versions NetScaler ADC versions prior to 14.1-60.58 NetScaler Gateway versions prior to 13.1-662.23 Description Insufficient input validation in the SAML processing module of NetScaler ADC and NetScaler Gateway, when configured as a SAML Identity...

Rails 安全漏洞

Rails is an open-source web application framework based on the Ruby language, developed by the Rails team in the United States. There are security vulnerabilities in versions of Rails Active Support before 8.1.2.1, 8.0.4.1, and 7.2.3.1. These vulnerabilities stem from digital helper functions...

PT-2026-27257

Name of the Vulnerable Software and Affected Versions Active Support versions prior to 8.1.2.1 Active Support versions prior to 8.0.4.1 Active Support versions prior to 7.2.3.1 Description The SafeBuffer% function does not correctly propagate the @html unsafe flag to newly created buffers. If a...

PT-2026-27260

Name of the Vulnerable Software and Affected Versions Rails versions prior to 8.1.2.1 Rails versions prior to 8.0.4.1 Rails versions prior to 7.2.3.1 Description Active Storage in Rails applications allows users to attach cloud and local files. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the...

PT-2026-27262

Name of the Vulnerable Software and Affected Versions Rails versions prior to 8.1.2.1 Rails versions prior to 8.0.4.1 Rails versions prior to 7.2.3.1 Description Active Storage in Rails applications allows users to attach cloud and local files. The DiskServicepath for function does not validate...

Rails Active Storage has possible content type bypass via metadata in direct uploads

Impact Active Storage's DirectUploadsController accepts arbitrary metadata from the client and persists it on the blob. Because internal flags like identified and analyzed are stored in the same metadata hash, a malicious direct-upload client could set these flags. Releases The fixed releases are...

Rails Active Storage has a possible DoS vulnerability when in proxy mode via Range requests

Impact When serving files through Active Storage's Blobs::ProxyController, the controller loads the entire requested byte range into memory before sending it. A request with a large or unbounded Range header e.g. bytes=0- could cause the server to allocate memory proportional to the file size,...

Rails Active Storage has possible Path Traversal in DiskService

Impact Active Storage's DiskServicepathfor does not validate that the resolved filesystem path remains within the storage root directory. If a blob key containing path traversal sequences e.g. ../ is used, it could allow reading, writing, or deleting arbitrary files on the server. Blob keys are...

Rails Active Storage has possible glob injection in its DiskService

Impact Active Storage's DiskServicedeleteprefixed passes blob keys directly to Dir.glob without escaping glob metacharacters. If a blob key contains attacker-controlled input or custom-generated keys with glob metacharacters, it may be possible to delete unintended files from the storage director...

Rails Active Support has a possible ReDoS vulnerability in number_to_delimited

Impact NumberToDelimitedConverter used a regular expression with gsub! to insert thousands delimiters. This could produce quadratic time complexity on long digit strings. Releases The fixed releases are available at the normal locations...

Rails Active Support has a possible DoS vulnerability in its number helpers

Impact Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which when converted to a string could be expanded into extremely large decimal representations. This can cause excessive memory allocation and CPU consumption when the expanded number is formatted,...

PT-2026-27263

Name of the Vulnerable Software and Affected Versions Rails versions prior to 8.1.2.1 Rails versions prior to 8.0.4.1 Rails versions prior to 7.2.3.1 Description Active Storage enables users to attach cloud and local files within Rails applications. A flaw exists in the DiskServicedelete prefixed...