126 matches found
Rails: Active Support: Active Support: Denial of Service via large scientific notation strings
A flaw was found in Active Support, a toolkit of support libraries for Ruby on Rails. A remote attacker can exploit this vulnerability by providing specially crafted strings containing scientific notation e.g., "1e10000" to number helpers. This input causes the BigDecimal component to expand into...
Rails: Active Support: Active Support: Denial of Service via large scientific notation strings
A flaw was found in Active Support, a toolkit of support libraries for Ruby on Rails. A remote attacker can exploit this vulnerability by providing specially crafted strings containing scientific notation e.g., "1e10000" to number helpers. This input causes the BigDecimal component to expand into...
SUSE CVE-2026-33176
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which BigDecimal expands into extremely large...
CVE-2026-33176
A flaw was found in Active Support, a toolkit of support libraries for Ruby on Rails. A remote attacker can exploit this vulnerability by providing specially crafted strings containing scientific notation e.g., "1e10000" to number helpers. This input causes the BigDecimal component to expand into...
UBUNTU-CVE-2026-33176
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which BigDecimal expands into extremely large...
CVE-2026-33176 Rails Active Support has a possible DoS vulnerability in its number helpers
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which BigDecimal expands into extremely large...
MiracleLinux 3 : ruby-1.8.5-5.7.1AXS3 (AXSA:2009-78:01)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2009-78:01 advisory. Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system...
EUVD-2011-0214
Malware in sbrugna...
EUVD-2009-1899
Malware in sbrugna...
EUVD-2023-2038
Malicious code in bioql PyPI...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the BigDecimal and BigInteger handling in the MessageSerializer class. An attacker can execute arbitrary code or manipulate application behavior by providing crafted serialized objects. Details...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the BigDecimal and BigInteger handling in the MessageSerializer class. An attacker can execute arbitrary code or manipulate application behavior by providing crafted serialized objects. Details...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the BigDecimal and BigInteger handling in the MessageSerializer class. An attacker can execute arbitrary code or manipulate application behavior by providing crafted serialized objects. Details...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the BigDecimal and BigInteger handling in the MessageSerializer class. An attacker can execute arbitrary code or manipulate application behavior by providing crafted serialized objects. Details...
Security Bulletin: IBM Master Data Management vulnerable to denial of service from IBM Business Automation Workflow using Apache Johnzon
Summary IBM Master Data Management version 14.0 is impacted by vulnerability in IBM Business Automation Workflow. Apache Johnzon is vulnerable to a denial of service, caused by an unsafe deserialization flaw in BigDecimal. By sending a specially crafted JSON input, a remote attacker could exploit...
Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow - CVE-2023-33008
Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details CVEID:CVE-2023-33008 DESCRIPTION: Apache Johnzon is vulnerable to a denial of service, caused by an unsafe deserialization flaw in BigDecimal. By sending a specially crafted JSON input, a...
Security Bulletin: Denial of service vulnerability in Johnzon affects IBM Business Automation Workflow - CVE-2023-33008
Summary IBM Business Automation Workflow is vulnerable to a denial of service attack. Vulnerability Details CVEID:CVE-2023-33008 DESCRIPTION: Apache Johnzon is vulnerable to a denial of service, caused by an unsafe deserialization flaw in BigDecimal. By sending a specially crafted JSON input, a...
Security Bulletin: IBM Event Processing is vulnerable to a denial of service (CVE-2023-4043).
Summary IBM Event Processing is vulnerable to a denial of service due to parsson-1.1.2.jar component. Parsson provides an implementation of Jakarta JSON Processing Specification. Vulnerability Details CVEID:CVE-2023-4043 DESCRIPTION: Eclipse Parsson is vulnerable to a denial of service, caused by...
Security Bulletin: IBM App Connect for Healthcare is vulnerable to a denial of service (CVE-2023-4043).
Summary FHIRValidate node in App Connect for Healthcare is vulnerable to a denial of service CVE-2023-4043. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-4043 DESCRIPTION: Eclipse Parsson is vulnerable to a denial of service, caused ...
Ruby: DoS in bigdecimal's sqrt function due to miscalculation of loop iterations
Vulnerability description not provided...