18 matches found
Arbitrary Code Execution
Red Hat CloudForms Management Engine delivers the insight, control, and automation enterprises need to address the challenges of managing virtual environments, which are far more complex than physical ones. This technology enables enterprises with existing virtual infrastructures to improve...
Rails vulnerable to Cross-site Scripting
There is an XSS vulnerability in the numbertocurrency, numbertopercentage and numbertohuman helpers in Ruby on Rails. This vulnerability has been assigned the CVE identifier CVE-2014-0081. Versions Affected: All. Fixed Versions: 4.1.0.beta2, 4.0.3, 3.2.17. Impact ------ These helpers allows users...
GHSA-M46P-GGM5-5J83 Rails vulnerable to Cross-site Scripting
There is an XSS vulnerability in the numbertocurrency, numbertopercentage and numbertohuman helpers in Ruby on Rails. This vulnerability has been assigned the CVE identifier CVE-2014-0081. Versions Affected: All. Fixed Versions: 4.1.0.beta2, 4.0.3, 3.2.17. Impact ------ These helpers allows users...
Fedora Update for rubygem-actionpack FEDORA-2014-15371
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 2929-1] ruby-actionpack-3.2 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2929-1 [email protected] http://www.debian.org/security/ Florian Weimer May 16, 2014 http://www.debian.org/security/faq -...
openSUSE Security Update : rubygem-actionpack-3_2 (openSUSE-SU-2014:0295-1)
rubygem-actionpack-32 was updated to fix security issues : - fix CVE-2014-0081: XSS Vulnerability in numbertocurrency, numbertopercentage and numbertohuman bnc864433 - fix CVE-2014-0082: Denial of Service Vulnerability in Action View when using render :text bnc864431 %NASLMINLEVEL 70300 C Tenable...
Fedora Update for rubygem-actionpack FEDORA-2014-6098
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for rubygem-actionpack FEDORA-2014-6127
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-2929-1 : ruby-actionpack-3.2 - security update
Several vulnerabilities were discovered in Action Pack, a component of Ruby on Rails. - CVE-2014-0081 actionview/lib/actionview/helpers/numberhelper.rb contains multiple cross-site scripting vulnerabilities - CVE-2014-0082 actionpack/lib/actionview/template/text.rb performs symbol interning on MI...
[SECURITY] [DSA 2929-1] ruby-actionpack-3.2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2929-1 [email protected] http://www.debian.org/security/ Florian Weimer May 16, 2014 http://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-2929-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for rubygem-actionpack FEDORA-2014-3232
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for rubygem-activerecord FEDORA-2014-3169
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Critical: Red Hat Security Advisory: cfme security, bug fix, and enhancement update
Updated cfme packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat CloudForms 3.0. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores, whic...
Fedora 20 : rubygem-actionpack-4.0.0-3.fc20 / rubygem-activerecord-4.0.0-2.fc20 (2014-3169)
This fixes Ruby on Rails 4.0.3 security CVEs : - CVE-2014-0080 - CVE-2014-0081 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...
CVE-2014-0081
Multiple cross-site scripting XSS vulnerabilities in actionview/lib/actionview/helpers/numberhelper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the 1 format, 2 negativeformat, or 3 units...
CVE-2014-0081
CVE-2014-0081 affects Ruby on Rails: multiple XSS flaws in actionview/lib/action_view/helpers/number_helper.rb allow remote injection via format, negative_format, or units in number_to_currency, number_to_percentage, and number_to_human. Affected Rails versions: 3.2.x before 3.2.17, 4.0.x before ...
CVE-2014-0081 rubygem-actionpack: number_to_currency, number_to_percentage and number_to_human XSS vulnerability
Multiple cross-site scripting XSS vulnerabilities in actionview/lib/actionview/helpers/numberhelper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the 1 format, 2 negativeformat, or 3 units...