Lucene search
K

17 matches found

Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.40 views

openSUSE Security Update : RubyOnRails (openSUSE-SU-2013:0338-1)

The Ruby on Rails 2.3 stack was updated to 2.3.17. The Ruby on Rails 3.2 stack was updated to 3.2.12. The Ruby Rack was updated to 1.1.6. The Ruby Rack was updated to 1.2.8. The Ruby Rack was updated to 1.3.10. The Ruby Rack was updated to 1.4.5. The updates fix various security issues and bugs. ...

10CVSS6.4AI score0.07497EPSS
Exploits2References13
seebug.org
seebug.org
added 2013/03/07 12:0 a.m.73 views

Ruby on Rails 远程安全绕过漏洞(CVE-2013-0276)

BUGTRAQ ID: 57896 CVECAN ID: CVE-2013-0276 Ruby on Rails简称RoR或Rails,是一个使用Ruby语言写的开源Web应用框架,它是严格按照MVC结构开发的。 Ruby on Rails 3.2.12, 3.1.11, 2.3.17之前版本在ActiveRecord的 "attrprotected" 方法中存在错误,没有正确限制访问模块属性的黑名单,通过特制的请求,可导致非法修改某些值。 0 Ruby on Rails 3.2.x Ruby on Rails 3.1.x Ruby on Rails 2.3.x 厂商补丁: Ruby o...

4.3CVSS0.2AI score0.0246EPSS
Exploits1
OpenVAS
OpenVAS
added 2013/02/22 12:0 a.m.40 views

Fedora Update for rubygem-activemodel FEDORA-2013-2391

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

8.1AI score
Exploits0References2
OpenVAS
OpenVAS
added 2013/02/22 12:0 a.m.33 views

Fedora Update for rubygem-activemodel FEDORA-2013-2398

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

4.3CVSS6.4AI score0.0246EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2013/02/22 12:0 a.m.42 views

Fedora Update for rubygem-activemodel FEDORA-2013-2398

Check for the Version of rubygem-activemodel OpenVAS Vulnerability Test Fedora Update for rubygem-activemodel FEDORA-2013-2398 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/o...

4.3CVSS6.3AI score0.0246EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2013/02/22 12:0 a.m.34 views

Fedora Update for rubygem-activemodel FEDORA-2013-2391

Check for the Version of rubygem-activemodel OpenVAS Vulnerability Test Fedora Update for rubygem-activemodel FEDORA-2013-2391 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/o...

7.5CVSS7.7AI score0.99449EPSS
Exploits23References2
Tenable Nessus
Tenable Nessus
added 2013/02/21 12:0 a.m.45 views

Fedora 18 : rubygem-activemodel-3.2.8-2.fc18 (2013-2398)

Fix for CVE-2013-0276. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...

4.3CVSS6AI score0.0246EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2013/02/21 12:0 a.m.43 views

Fedora 17 : rubygem-activemodel-3.0.11-3.fc17 (2013-2391)

Fix for CVE-2013-0276. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...

4.3CVSS6AI score0.0246EPSS
Exploits1References3
securityvulns
securityvulns
added 2013/02/18 12:0 a.m.117 views

[SECURITY] [DSA 2620-1] rails security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2620-1 [email protected] http://www.debian.org/security/ Florian Weimer February 12, 2013 http://www.debian.org/security/faq -...

10CVSS1.2AI score0.07497EPSS
Exploits2
OSV
OSV
added 2013/02/13 1:55 a.m.12 views

CVE-2013-0276

ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attrprotected protection mechanism and modify protected model attributes via a crafted request...

6.2AI score
Exploits0References12
NVD
NVD
added 2013/02/13 1:55 a.m.28 views

CVE-2013-0276

ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attrprotected protection mechanism and modify protected model attributes via a crafted request...

4.3CVSS6.3AI score0.0246EPSS
Exploits1References12
UbuntuCve
UbuntuCve
added 2013/02/13 1:55 a.m.30 views

CVE-2013-0276

ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attrprotected protection mechanism and modify protected model attributes via a crafted request...

4.3CVSS6.5AI score0.0246EPSS
Exploits1References2
CVE
CVE
added 2013/02/13 1:0 a.m.140 views

CVE-2013-0276

CVE-2013-0276 affects Ruby on Rails ActiveRecord: Rails versions 2.3.17 and earlier, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allow remote attackers to bypass the attr_protected protection and modify protected model attributes via a crafted request. The issue is caused by bypassable handling ...

4.3CVSS6.2AI score0.0246EPSS
Exploits1References12Affected Software1
Tenable Nessus
Tenable Nessus
added 2013/02/13 12:0 a.m.49 views

Debian DSA-2620-1 : rails - several vulnerabilities

Two vulnerabilities were discovered in Ruby on Rails, a Ruby framework for web application development. - CVE-2013-0276 The blacklist provided by the attrprotected method could be bypassed with crafted requests, having an application-specific impact. - CVE-2013-0277 In some applications, the...

10CVSS6.4AI score0.07497EPSS
Exploits2References6
Debian
Debian
added 2013/02/12 9:9 p.m.40 views

[SECURITY] [DSA 2620-1] rails security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2620-1 [email protected] http://www.debian.org/security/ Florian Weimer February 12, 2013 http://www.debian.org/security/faq -...

10CVSS7.1AI score0.07497EPSS
Exploits2
OSV
OSV
added 2013/02/12 12:0 a.m.45 views

DSA-2620-1 rails - several

Bulletin has no description...

10CVSS5.9AI score0.07497EPSS
Exploits2
OpenVAS
OpenVAS
added 2013/02/11 12:0 a.m.29 views

Debian: Security Advisory (DSA-2620-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS6.7AI score0.07497EPSS
Exploits2References3
Rows per page
Query Builder