14 matches found

OpenVAS
added 2023/03/08 12:0 a.m. | 14 views

Debian: Security Advisory (DLA-496-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 5.3 | AI score 5.7 | EPSS 0.0425
Exploits: 0 | References: 3
OpenVAS
added 2021/06/09 12:0 a.m. | 23 views

SUSE: Security Advisory (SUSE-SU-2016:1146-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5 | AI score 6.7 | EPSS 0.95537
Exploits: 19 | References: 4
OpenVAS
added 2016/10/17 12:0 a.m. | 37 views

Ruby on Rails Active Record Security Bypass Vulnerability (Jan 2016) - Windows

Ruby on Rails is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:rubyonrails:rails";...

CVSS 5.3 | AI score 5.6 | EPSS 0.0425
Exploits: 0 | References: 2
Tenable Nessus
added 2016/05/31 12:0 a.m. | 34 views

Debian DLA-496-1 : ruby-activerecord-3.2 security update

CVE-2015-7577 activerecord/lib/active_record/nested_attributes.rb in Active Record does not properly implement a certain destroy option, which allows remote attackers to bypass intended change restrictions by leveraging use of the nested attributes feature. For Debian 7 'Wheezy', this problem have...

CVSS 5.3 | AI score 6.1 | EPSS 0.0425
Exploits: 0 | References: 3
Debian
added 2016/05/30 9:48 p.m. | 33 views

[SECURITY] [DLA 496-1] ruby-activerecord-3.2 security update

Package : ruby-activerecord-3.2 Version : 3.2.6-5+deb7u2 CVE ID : CVE-2015-7577 Debian Bug : N/A CVE-2015-7577 activerecord/lib/active_record/nested_attributes.rb in Active Record does not properly implement a certain destroy option, which allows remote attackers to bypass intended change...

CVSS 5.3 | AI score 5.7 | EPSS 0.0425
Exploits: 0
OSV
added 2016/05/30 12:0 a.m. | 19 views

DLA-496-1 ruby-activerecord-3.2 - security update

Bulletin has no description...

CVSS 5.3 | AI score 5.4 | EPSS 0.0425
Exploits: 0
OpenVAS
added 2016/02/29 12:0 a.m. | 25 views

Fedora Update for rubygem-activerecord FEDORA-2016-73

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

AI score 5.7
Exploits: 0 | References: 2
OSV
added 2016/02/26 3:8 p.m. | 7 views

SUSE-SU-2016:0598-1 Security update for rubygem-activerecord-4_1

This update for rubygem-activerecord-4_1 fixes the following issues: - CVE-2016-0753: Input Validation Circumvention (bsc#963334) - CVE-2015-7577: Nested attributes rejection proc bypass (bsc#963330)...

CVSS 5.3 | AI score 5.5 | EPSS 0.07157
Exploits: 0 | References: 5
OSV
added 2016/02/16 2:59 a.m. | 9 views

CVE-2015-7577

activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy option, which allows remote attackers to bypass...

CVSS 5.3 | AI score 5.4
Exploits: 0 | References: 11
NVD
added 2016/02/16 2:59 a.m. | 13 views

CVE-2015-7577

activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy option, which allows remote attackers to bypass...

CVSS 5.3 | AI score 5.2 | EPSS 0.0425
Exploits: 0 | References: 11
Tenable Nessus
added 2016/02/08 12:0 a.m. | 39 views

openSUSE Security Update : rubygem-actionpack-3_2 / rubygem-activesupport-3_2 (openSUSE-2016-160)

This update for rubygem-actionpack-3_2, rubygem-activesupport-3_2 fixes the following issues : - CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller (boo#963329) - CVE-2016-0752: directory traversal and information leak in Action View (boo#963332) - CVE-2016-0751:...

CVSS 7.5 | AI score 5.8 | EPSS 0.95537
Exploits: 11 | References: 8
Tenable Nessus
added 2016/02/01 12:0 a.m. | 48 views

Debian DSA-3464-1 : rails - security update

Multiple security issues have been discovered in the Ruby on Rails web application development framework, which may result in denial of service, cross-site scripting, information disclosure or bypass of input validation. %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text an...

CVSS 7.5 | AI score 6.2 | EPSS 0.95537
Exploits: 11 | References: 10
RubySec
added 2016/01/25 12:0 a.m. | 31 views

Nested attributes rejection proc bypass in Active Record

There is a vulnerability in how the nested attributes feature in Active Record handles updates in combination with destroy flags when destroying records is disabled. This vulnerability has been assigned the CVE identifier CVE-2015-7577. Versions Affected: 3.1.0 and newer Not affected: 3.0.x and...

CVSS 5.3 | AI score 2.1 | EPSS 0.0425
Exploits: 0 | References: 1 | Affected Software: 1
Hacker One
added 2015/09/25 3:35 p.m. | 72 views

Ruby on Rails: Nested attributes reject_if proc can be circumvented by providing "_destroy" parameter

Nested attributes rejection proc bypass in Active Record. There is a vulnerability in how the nested attributes feature in Active Record handles updates in combination with destroy flags when destroying records is disabled. This vulnerability has been assigned the CVE identifier CVE-2015-7577...

CVSS 5 | AI score 5.7 | EPSS 0.0425
Exploits: 0