Lucene search
K

7 matches found

Tenable Nessus
Tenable Nessus
added 2013/04/12 12:0 a.m.43 views

FreeBSD : rubygem-rails -- multiple vulnerabilities (db0c4b00-a24c-11e2-9601-000d601460a4)

Ruby on Rails team reports : Rails versions 3.2.13 has been released. This release contains important security fixes. It is recommended users upgrade as soon as possible. Four vulnerabilities have been discovered and fixed : - CVE-2013-1854 Symbol DoS vulnerability in Active Record - CVE-2013-185...

5.8CVSS7AI score0.03438EPSS
Exploits2References9
OpenVAS
OpenVAS
added 2013/04/02 12:0 a.m.42 views

Fedora Update for rubygem-activesupport FEDORA-2013-4130

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

7.5CVSS9.9AI score0.99449EPSS
Exploits22References2
OpenVAS
OpenVAS
added 2013/04/02 12:0 a.m.46 views

Fedora Update for rubygem-activesupport FEDORA-2013-4130

Check for the Version of rubygem-activesupport OpenVAS Vulnerability Test Fedora Update for rubygem-activesupport FEDORA-2013-4130 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...

7.5CVSS0.99449EPSS
Exploits23References2
OpenVAS
OpenVAS
added 2013/04/02 12:0 a.m.45 views

Fedora Update for rubygem-activesupport FEDORA-2013-4198

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

5.8CVSS9.9AI score0.02054EPSS
Exploits1References2
seebug.org
seebug.org
added 2013/03/20 12:0 a.m.56 views

Ruby on Rails XML解析远程拒绝服务漏洞(CVE-2013-1856)

BUGTRAQ ID: 58554 CVECAN ID: CVE-2013-1856 Ruby on Rails简称RoR或Rails,是一个使用Ruby语言写的开源Web应用框架,它是严格按照MVC结构开发的。 Ruby on Rails 3.0.0及之后版本在使用JRuby时,ActiveSupport XML解析器的JDOM后端内存在漏洞,攻击者可利用此漏洞造成拒绝服务或访问应用服务器上的文件。 0 Ruby on Rails 3.x Ruby on Rails 2.x 临时解决方法: 如果您不能立刻安装补丁或者升级,建议您采取以下措施以降低威胁:...

5.8CVSS6.3AI score0.02054EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2013/03/19 10:55 p.m.35 views

CVE-2013-1856

The ActiveSupport::XmlMiniJDOM backend in lib/activesupport/xmlmini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is used, does not properly restrict the capabilities of the XML parser, which allows remote attackers to...

5.8CVSS5.9AI score0.02054EPSS
Exploits1References2
CVE
CVE
added 2013/03/19 10:0 p.m.107 views

CVE-2013-1856

CVE-2013-1856 affects the ActiveSupport XML parser backend (XMLMini_JDOM) in Ruby on Rails’ Active Support. Specifically, JRuby users of Rails 3.0.x and 3.1.x before 3.1.12 and Rails 3.2.x before 3.2.13 have an XML parsing vulnerability that can allow a remote attacker to read arbitrary files or ...

5.8CVSS6.6AI score0.02054EPSS
Exploits1References5Affected Software2
Rows per page
Query Builder