22 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-8164
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A deserialization of untrusted data vulnerability exists in rails 5.2.4.3, rails 6.0.3.1 which can allow an attacker to supply information can be inadvertently...
SUSE: Security Advisory (SUSE-SU-2020:3147-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : rubygem-actionpack-5_1 (openSUSE-2020-1533)
This update for rubygem-actionpack-51 fixes the following issues : - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. bsc1172177 This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security...
Security Bulletin: A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 (CVE-2020-8164).
Summary There is a vulnerability in Ruby On Rails that is used by IBM License Metric Tool. Vulnerability Details CVEID: CVE-2020-8164 DESCRIPTION: Ruby on Rails could allow a remote attacker to obtain sensitive information, caused by the deserialization of untrusted data. By sending a specially...
openSUSE Security Update : rubygem-actionpack-5_1 (openSUSE-2020-1536)
This update for rubygem-actionpack-51 fixes the following issues : - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. bsc1172177 This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security...
OPENSUSE-SU-2020:1575-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-51 fixes the following issues: - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. bsc1172177 This update was imported from the SUSE:SLE-15:Update update project. This update was imported fr...
Security update for rubygem-actionpack-5_1 (important)
openSUSE Security Update: Security update for rubygem-actionpack-51 Announcement ID: openSUSE-SU-2020:1575-1 Rating: important References: 1172177 Cross-References: CVE-2020-8164 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes one vulnerability is now available. Description:...
openSUSE: Security Advisory for rubygem-actionpack-5_1 (openSUSE-SU-2020:1536-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2020:1536-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-51 fixes the following issues: - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. bsc1172177 This update was imported from the SUSE:SLE-15:Update update project...
Security update for rubygem-actionpack-5_1 (important)
openSUSE Security Update: Security update for rubygem-actionpack-51 Announcement ID: openSUSE-SU-2020:1536-1 Rating: important References: 1172177 Cross-References: CVE-2020-8164 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This updat...
openSUSE: Security Advisory for rubygem-actionpack-5_1 (openSUSE-SU-2020:1533-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2020:1533-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-51 fixes the following issues: - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. bsc1172177 This update was imported from the SUSE:SLE-15:Update update project...
Debian DSA-4766-1 : rails - security update
Multiple security issues were discovered in the Rails web framework which could result in cross-site scripting, information leaks, code execution, cross-site request forgery or bypass of upload limits. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
[SECURITY] [DSA 4766-1] rails security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4766-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 24, 2020 https://www.debian.org/security/faq -...
SUSE-SU-2020:2710-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-51 fixes the following issues: - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. bsc1172177...
Debian: Security Advisory (DLA-2282-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ruby on Raily < 5.2.4.3, 6.x < 6.0.3.1 Multiple Vulnerabilities - Linux
Ruby on Rails is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:rubyonrails:rails";...
Debian DLA-2251-1 : rails security update
Two vulnerabilities were found in Ruby on Rails, a MVC ruby-based framework geared for web application development, which could lead to remote code execution and untrusted user input usage, depending on the application. CVE-2020-8164 Strong parameters bypass vector in ActionPack. In some cases us...
[SECURITY] [DLA 2251-1] rails security update
Package : rails Version : 2:4.1.8-1+deb8u7 CVE ID : CVE-2020-8164 CVE-2020-8165 Two vulnerabilities were found in Ruby on Rails, a MVC ruby-based framework geared for web application development, which could lead to remote code execution and untrusted user input usage, depending on the applicatio...
CVE-2020-8164
CVE-2020-8164 is a Rails deserialization vulnerability affecting Rails < 5.2.4.3 and Rails