Lucene search
K

12 matches found

Tenable Nessus
Tenable Nessus
added 2018/12/06 12:0 a.m.39 views

RHEL 6 : rubygem-actionpack and ruby193-rubygem-actionpack (RHSA-2013:0698)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0698 advisory. Ruby on Rails is a modelviewcontroller MVC framework for web application development. Action Pack implements the controller and the view...

4.3CVSS6.9AI score0.0264EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.35 views

openSUSE Security Update : rubygem-actionpack-2_3 (openSUSE-SU-2013:0662-1)

Changes in rubygem-actionpack-23 : - add 2 patches to fix security issues : - bug-8099352-3-csssanitize.patch: CVE-2013-1855: rubygem-actionpack: XSS vulnerability in sanitizecss in Action Pack bnc809935 - bug-8099402-3-sanitizeprotocol.patch: CVE-2013-1857: rubygem-actionpack: XSS Vulnerability ...

4.3CVSS7.1AI score0.0264EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2013/04/12 12:0 a.m.43 views

FreeBSD : rubygem-rails -- multiple vulnerabilities (db0c4b00-a24c-11e2-9601-000d601460a4)

Ruby on Rails team reports : Rails versions 3.2.13 has been released. This release contains important security fixes. It is recommended users upgrade as soon as possible. Four vulnerabilities have been discovered and fixed : - CVE-2013-1854 Symbol DoS vulnerability in Active Record - CVE-2013-185...

5.8CVSS7AI score0.03438EPSS
Exploits2References9
OpenVAS
OpenVAS
added 2013/04/02 12:0 a.m.37 views

Fedora Update for rubygem-actionpack FEDORA-2013-4214

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

4.3CVSS7.8AI score0.0264EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2013/04/02 12:0 a.m.36 views

Fedora Update for rubygem-actionpack FEDORA-2013-4199

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

6.4CVSS7.8AI score0.08245EPSS
Exploits8References2
Tenable Nessus
Tenable Nessus
added 2013/04/01 12:0 a.m.47 views

Fedora 17 : rubygem-actionpack-3.0.11-9.fc17 (2013-4199)

Fix for CVE-2013-1855 and CVE-2013-1857. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...

4.3CVSS7.2AI score0.0264EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2013/04/01 12:0 a.m.41 views

Fedora 18 : rubygem-actionpack-3.2.8-3.fc18 (2013-4214)

Fix for CVE-2013-1855 and CVE-2013-1857. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...

4.3CVSS7.2AI score0.0264EPSS
Exploits1References5
Debian
Debian
added 2013/03/28 4:15 p.m.44 views

[SECURITY] [DSA 2655-1] rails security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2655-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 28, 2013 http://www.debian.org/security/faq -...

5CVSS7.1AI score0.03438EPSS
Exploits2
OSV
OSV
added 2013/03/19 10:55 p.m.9 views

CVE-2013-1857

The sanitize helper in lib/actioncontroller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : colon characters in URLs, which makes it easier for remote...

5.4AI score
Exploits0References10
Cvelist
Cvelist
added 2013/03/19 10:0 p.m.37 views

CVE-2013-1857

The sanitize helper in lib/actioncontroller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : colon characters in URLs, which makes it easier for remote...

5.3AI score0.01868EPSS
Exploits0References10
CVE
CVE
added 2013/03/19 10:0 p.m.124 views

CVE-2013-1857

CVE-2013-1857 affects Ruby on Rails: the sanitize helper in Action Pack (lib/action_controller/vendor/html-scanner/html/sanitizer.rb) fails to properly handle encoded colon characters in URLs, enabling remote attackers to perform cross-site scripting (XSS) via a crafted scheme name (for example i...

4.3CVSS5.4AI score0.01868EPSS
Exploits0References10Affected Software1
RubySec
RubySec
added 2013/03/19 12:0 a.m.35 views

CVE-2013-1857 rubygem-actionpack: sanitize_protocol: XSS Vulnerability in the helper of Ruby on Rails

'The sanitize helper in lib/actioncontroller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : colon characters in URLs, which makes it easier for remote...

4.3CVSS5AI score0.01868EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder