Lucene search
K

22 matches found

OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.29 views

Debian: Security Advisory (DLA-604-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.8AI score0.95537EPSS
Exploits18References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:13 a.m.5 views

SUSE CVE-2015-7576

The httpbasicauthenticatewith method in actionpack/lib/actioncontroller/metal/httpauthentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a...

3.7CVSS7AI score0.04879EPSS
Exploits0References15
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.23 views

SUSE: Security Advisory (SUSE-SU-2016:1146-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.7AI score0.95537EPSS
Exploits19References4
OpenVAS
OpenVAS
added 2016/10/17 12:0 a.m.47 views

Ruby on Rails Multiple Vulnerabilities (Jan 2016) - Windows

Ruby on Rails is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:rubyonrails:rails";...

7.5CVSS7.1AI score0.95537EPSS
Exploits11References6
Tenable Nessus
Tenable Nessus
added 2016/08/29 12:0 a.m.37 views

Debian DLA-603-1 : ruby-activesupport-3.2 security update

The support and utility classes used by the Rails 3.2 framework allow remote attackers to cause a denial of service SystemStackError via a large XML document depth. For Debian 7 'Wheezy', these problems have been fixed in version 3.2.6-6+deb7u2. Additionally this upload adds...

5CVSS6.8AI score0.04879EPSS
Exploits0References3
Debian
Debian
added 2016/08/27 4:25 p.m.30 views

[SECURITY] [DLA 603-1] ruby-activesupport-3.2 security update

Package : ruby-activesupport-3.2 Version : 3.2.6-6+deb7u2 CVE ID : CVE-2015-3227 The support and utility classes used by the Rails 3.2 framework allow remote attackers to cause a denial of service SystemStackError via a large XML document depth. For Debian 7 "Wheezy", these problems have been fix...

5CVSS5.6AI score0.04879EPSS
Exploits0
OSV
OSV
added 2016/08/27 12:0 a.m.26 views

DLA-603-1 ruby-activesupport-3.2 - security update

Bulletin has no description...

5CVSS5.5AI score0.04261EPSS
Exploits0
OSV
OSV
added 2016/03/22 4:21 p.m.8 views

SUSE-SU-2016:0857-1 Security update for rubygem-activesupport-4_1

This update for rubygem-activesupport-41 fixes the following issues: The previous security patch for CVE-2015-7576 was adding a new file but this file was not being added in the gemspec, thus the resulting gem didn't have it. This update includes the patch in the gem file too...

4.3CVSS5.6AI score0.04879EPSS
Exploits0References3
OSV
OSV
added 2016/03/22 4:21 p.m.14 views

SUSE-SU-2016:0858-1 Security update for rubygem-actionpack-4_1

This update for rubygem-actionpack-41 fixes the following issues: - CVE-2016-0751: Object Leak DoS bsc963331 - CVE-2015-7581: unbounded memory growth DoS via wildcard controller routes bsc963335 - CVE-2016-0752: directory traversal and information leak in Action View bsc963332 - CVE-2015-7576:...

7.5CVSS5.9AI score0.95537EPSS
Exploits11References9
Tenable Nessus
Tenable Nessus
added 2016/03/04 12:0 a.m.29 views

Fedora 23 : rubygem-activesupport-4.2.3-3.fc23 (2016-3ede04cd79)

Security fix for CVE-2015-7576 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...

4.3CVSS6.1AI score0.04879EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2016/03/04 12:0 a.m.23 views

Fedora 22 : rubygem-activesupport-4.2.0-4.fc22 (2016-cb30088b06)

Security fix for CVE-2015-7576 CVE-2016-0753 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

5.3CVSS5.7AI score0.07157EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2016/03/04 12:0 a.m.28 views

Fedora 23 : rubygem-actionpack-4.2.3-4.fc23 (2016-f486068393)

Security fix for CVE-2015-7581 Security fix for CVE-2016-0751 Security fix for CVE-2015-7576 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...

7.5CVSS6.1AI score0.09731EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2016/03/04 12:0 a.m.55 views

Fedora 22 : rubygem-actionpack-4.2.0-3.fc22 / rubygem-activemodel-4.2.0-2.fc22 (2016-94e71ee673)

Security fix for CVE-2015-7581 CVE-2015-7576 CVE-2016-0751 CVE-2016-0752 CVE-2016-0753 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible withou...

7.5CVSS6.1AI score0.95537EPSS
Exploits11References10
OpenVAS
OpenVAS
added 2016/02/29 12:0 a.m.35 views

Fedora Update for rubygem-actionpack FEDORA-2016-94

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.8AI score0.95537EPSS
Exploits11References4
OpenVAS
OpenVAS
added 2016/02/29 12:0 a.m.36 views

Fedora Update for rubygem-activemodel FEDORA-2016-94

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.8AI score0.95537EPSS
Exploits11References4
OSV
OSV
added 2016/02/16 2:59 a.m.8 views

CVE-2015-7576

The httpbasicauthenticatewith method in actionpack/lib/actioncontroller/metal/httpauthentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a...

3.7CVSS5.6AI score
Exploits0References13
CVE
CVE
added 2016/02/16 2:0 a.m.113 views

CVE-2015-7576

Ruby on Rails: The http_basic_authenticate_with path in Action Controller is vulnerable to a timing-attack bypass when verifying credentials, not using constant-time comparison. A remote attacker could determine valid usernames/passwords by measuring response times. Affected rails versions includ...

4.3CVSS5AI score0.04879EPSS
Exploits0References13Affected Software2
Debian CVE
Debian CVE
added 2016/02/16 2:0 a.m.29 views

CVE-2015-7576

The httpbasicauthenticatewith method in actionpack/lib/actioncontroller/metal/httpauthentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a...

4.3CVSS6.1AI score0.04879EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/02/08 12:0 a.m.39 views

openSUSE Security Update : rubygem-actionpack-3_2 / rubygem-activesupport-3_2 (openSUSE-2016-160)

This update for rubygem-actionpack-32, rubygem-activesupport-32 fixes the following issues : - CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller boo963329 - CVE-2016-0752: directory traversal and information leak in Action View boo963332 - CVE-2016-0751:...

7.5CVSS5.8AI score0.95537EPSS
Exploits11References8
Tenable Nessus
Tenable Nessus
added 2016/02/01 12:0 a.m.48 views

Debian DSA-3464-1 : rails - security update

Multiple security issues have been discovered in the Ruby on Rails web application development framework, which may result in denial of service, cross-site scripting, information disclosure or bypass of input validation. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text an...

7.5CVSS6.2AI score0.95537EPSS
Exploits11References10
Rows per page
Query Builder