Lucene search
K

10 matches found

OpenVAS
OpenVAS
added 2025/02/25 12:0 a.m.10 views

openSUSE Security Advisory (SUSE-SU-2024:0103-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS6.2AI score0.01673EPSS
Exploits1References5
OSV
OSV
added 2024/01/15 12:10 p.m.6 views

SUSE-SU-2024:0103-1 Security update for rubygem-actionpack-5_1

This update for rubygem-actionpack-51 fixes the following issues: - CVE-2020-8166: Fixed ability to forge per-form CSRF tokens given a global CSRF bsc1172182...

4.3CVSS6.6AI score0.01673EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2024/01/15 12:0 a.m.30 views

SUSE SLES15 / openSUSE 15 Security Update : rubygem-actionpack-5_1 (SUSE-SU-2024:0103-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0103-1 advisory. - CVE-2020-8166: Fixed ability to forge per-form CSRF tokens given a global CSRF bsc1172182. Tenable has extracted the preceding descripti...

4.3CVSS6.7AI score0.01673EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.33 views

SUSE: Security Advisory (SUSE-SU-2020:3147-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.2AI score0.98507EPSS
Exploits40References10
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/01 1:31 p.m.24 views

Security Bulletin: A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 (CVE-2020-8166).

Summary There is a vulnerability in Ruby On Rails that is used by IBM License Metric Tool. Vulnerability Details CVEID: CVE-2020-8166 DESCRIPTION: Ruby on Rails is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input by authenticitytoken meta tag. By...

4.3CVSS0.3AI score0.01673EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/09/25 12:0 a.m.53 views

Debian DSA-4766-1 : rails - security update

Multiple security issues were discovered in the Rails web framework which could result in cross-site scripting, information leaks, code execution, cross-site request forgery or bypass of upload limits. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

9.8CVSS6.7AI score0.45732EPSS
Exploits9References9
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/18 6:8 a.m.44 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Rails

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Rails. Vulnerability Details CVEID: CVE-2020-8163 DESCRIPTION: Rails could allow a remote attacker to execute arbitrary code on the system, caused by a code injection vulnerability. By sending a specially...

8.8CVSS1.5AI score0.83085EPSS
Exploits11Affected Software1
CVE
CVE
added 2020/07/02 6:35 p.m.250 views

CVE-2020-8166

CVE-2020-8166 is a CSRF forgery vulnerability in Ruby on Rails (affecting Rails < 5.2.5 and Rails

4.3CVSS4.5AI score0.01673EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2020/07/02 6:35 p.m.4 views

CVE-2020-8166

A CSRF forgery vulnerability exists in rails 5.2.5, rails 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticitytoken meta tag, forge a per-form CSRF token...

6.2AI score0.01673EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2020/05/20 12:0 a.m.37 views

FreeBSD : Rails -- multiple vulnerabilities (85fca718-99f6-11ea-bf1d-08002728f74c)

Ruby on Rails blog : Hi everyone! Rails 5.2.4.3 and 6.0.3.1 have been released! These releases contain important security fixes, so please upgrade when you can. Both releases contain the following fixes : CVE-2020-8162: Circumvention of file size limits in ActiveStorage CVE-2020-8164: Possible...

9.8CVSS6.9AI score0.45732EPSS
Exploits9References12
Rows per page
Query Builder