Lucene search
K

13 matches found

Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.40 views

openSUSE Security Update : RubyOnRails (openSUSE-SU-2013:0338-1)

The Ruby on Rails 2.3 stack was updated to 2.3.17. The Ruby on Rails 3.2 stack was updated to 3.2.12. The Ruby Rack was updated to 1.1.6. The Ruby Rack was updated to 1.2.8. The Ruby Rack was updated to 1.3.10. The Ruby Rack was updated to 1.4.5. The updates fix various security issues and bugs. ...

10CVSS6.4AI score0.07497EPSS
Exploits2References13
seebug.org
seebug.org
added 2013/03/07 12:0 a.m.81 views

Ruby on Rails 远程代码执行漏洞(CVE-2013-0277)

BUGTRAQ ID: 57898 CVECAN ID: CVE-2013-0277 Ruby on Rails简称RoR或Rails,是一个使用Ruby语言写的开源Web应用框架,它是严格按照MVC结构开发的。 Ruby on Rails 3.x、2.3.x中的活动记录允许远程攻击者通过特制的序列化属性造成拒绝服务或执行任意代码,这些特制的属性可造成+serialize+ helper反序列化任意YAML。 0 Ruby on Rails 3.2.x Ruby on Rails 3.1.x Ruby on Rails 2.3.x 厂商补丁: Ruby on Rails...

10CVSS0.2AI score0.07497EPSS
Exploits1
OpenVAS
OpenVAS
added 2013/02/22 12:0 a.m.40 views

Fedora Update for rubygem-activerecord FEDORA-2013-2351

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

7.5CVSS7.8AI score0.04458EPSS
Exploits6References2
Tenable Nessus
Tenable Nessus
added 2013/02/21 12:0 a.m.41 views

Fedora 17 : rubygem-activerecord-3.0.11-6.fc17 (2013-2351)

Fix for CVE-2013-0277. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...

10CVSS7.2AI score0.07497EPSS
Exploits1References3
securityvulns
securityvulns
added 2013/02/18 12:0 a.m.117 views

[SECURITY] [DSA 2620-1] rails security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2620-1 [email protected] http://www.debian.org/security/ Florian Weimer February 12, 2013 http://www.debian.org/security/faq -...

10CVSS1.2AI score0.07497EPSS
Exploits2
ThreatPost
ThreatPost
added 2013/02/13 5:51 p.m.42 views

Ruby on Rails Patches DoS, Remote Execution Flaws

Web app framework Ruby on Rails patched two security flaws this week in the open source framework that could have led to denial of service attacks and remote execution vulnerabilities. With builds 3.2.12, 3.1.11 and 2.3.17, the framework fixed a serialized attributes YAML vulnerability...

10CVSS3.3AI score0.13911EPSS
Exploits2References6
OSV
OSV
added 2013/02/13 1:55 a.m.9 views

CVE-2013-0277

ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML...

10CVSS7.5AI score0.07497EPSS
Exploits1References11
CVE
CVE
added 2013/02/13 1:0 a.m.134 views

CVE-2013-0277

ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause YAML deserialization in the serialize helper. Remediation: upgrade to Rails 2.3.17+ (and for 3.x, apply the ...

10CVSS7.5AI score0.07497EPSS
Exploits1References11Affected Software2
Tenable Nessus
Tenable Nessus
added 2013/02/13 12:0 a.m.49 views

Debian DSA-2620-1 : rails - several vulnerabilities

Two vulnerabilities were discovered in Ruby on Rails, a Ruby framework for web application development. - CVE-2013-0276 The blacklist provided by the attrprotected method could be bypassed with crafted requests, having an application-specific impact. - CVE-2013-0277 In some applications, the...

10CVSS6.4AI score0.07497EPSS
Exploits2References6
Debian
Debian
added 2013/02/12 9:9 p.m.40 views

[SECURITY] [DSA 2620-1] rails security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2620-1 [email protected] http://www.debian.org/security/ Florian Weimer February 12, 2013 http://www.debian.org/security/faq -...

10CVSS7.1AI score0.07497EPSS
Exploits2
OSV
OSV
added 2013/02/12 12:0 a.m.45 views

DSA-2620-1 rails - several

Bulletin has no description...

10CVSS5.9AI score0.07497EPSS
Exploits2
RubySec
RubySec
added 2013/02/11 12:0 a.m.33 views

CVE-2013-0277 rubygem-activerecord: Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0

ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML...

10CVSS7.6AI score0.07497EPSS
Exploits1References1Affected Software1
OpenVAS
OpenVAS
added 2013/02/11 12:0 a.m.29 views

Debian: Security Advisory (DSA-2620-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS6.7AI score0.07497EPSS
Exploits2References3
Rows per page
Query Builder