Lucene search
K

17 matches found

OPENSUSE Linux
OPENSUSE Linux
added 2025/05/18 12:0 a.m.8 views

ruby3.4-rubygem-activerecord-7.0-7.0.8.6-1.3 on GA media (moderate)

ruby3.4-rubygem-activerecord-7.0-7.0.8.6-1.3 on GA media Announcement ID: openSUSE-SU-2025:15112-1 Rating: moderate Cross-References: CVE-2022-32224 CVE-2022-44566 CVE-2023-22794 CVE-2023-38037 CVSS scores: CVE-2022-32224 SUSE : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-44566 SUSE :...

7CVSS7.4AI score0.02386EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2024/04/28 12:0 a.m.38 views

RHEL 7 / 8 : Satellite 6.11.5 Async Security Update (Critical) (RHSA-2023:1151)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1151 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessit...

9.8CVSS7.5AI score0.02706EPSS
Exploits3References19
Rockylinux
Rockylinux
added 2023/05/05 3:39 p.m.111 views

Satellite 6.13 Release

An update is available for libdb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Rocky Enterprise Software Foundation Satellite is a systems management tool for...

9.8CVSS8.2AI score0.99931EPSS
Exploits64
RedHat Linux
RedHat Linux
added 2023/05/03 3:54 p.m.496 views

Important: Red Hat Security Advisory: Satellite 6.13 Release

An update is now available for Red Hat Satellite 6.13. The release contains a new version of Satellite and important security fixes for various components. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring ...

9.8CVSS7.6AI score0.99931EPSS
Exploits65References263
RedHat Linux
RedHat Linux
added 2023/03/07 7:10 p.m.79 views

Critical: Red Hat Security Advisory: Satellite 6.11.5 Async Security Update

Updated Satellite 6.11 packages that fixes critical security bugs and several regular bugs are now available for Red Hat Satellite. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet...

9.8CVSS6.8AI score0.02706EPSS
Exploits3References15
SUSE CVE
SUSE CVE
added 2023/02/15 3:25 a.m.4 views

SUSE CVE-2022-32224

A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record 7.0.3.1, 6.1.6.1, 6.0.5.1 and 5.2.8.1 which could allow an attacker, that can manipulate data in the database via means like SQL injection, the ability to escalate to an RCE...

7CVSS6.7AI score0.02386EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2023/01/12 12:0 a.m.37 views

openSUSE 15 Security Update : rubygem-activerecord-5.2 (openSUSE-SU-2023:0009-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2023:0009-1 advisory. - A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record 7.0.3.1, 6.1.6.1, 6.0.5.1 and 5.2.8.1 which...

9.8CVSS7.4AI score0.02386EPSS
Exploits1References4
OPENSUSE Linux
OPENSUSE Linux
added 2023/01/11 12:0 a.m.7 views

Security update for rubygem-activerecord-5.2 (important)

openSUSE Security Update: Security update for rubygem-activerecord-5.2 Announcement ID: openSUSE-SU-2023:0009-1 Rating: important References: 1201465 Cross-References: CVE-2022-32224 CVSS scores: CVE-2022-32224 NVD : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-32224 SUSE: 7...

7CVSS8.1AI score0.02386EPSS
Exploits1References1
NVD
NVD
added 2022/12/05 10:15 p.m.23 views

CVE-2022-32224

A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record 7.0.3.1, 6.1.6.1, 6.0.5.1 and 5.2.8.1 which could allow an attacker, that can manipulate data in the database via means like SQL injection, the ability to escalate to an RCE...

9.8CVSS0.02386EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2022/12/05 10:15 p.m.59 views

CVE-2022-32224

A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record 7.0.3.1, 6.1.6.1, 6.0.5.1 and 5.2.8.1 which could allow an attacker, that can manipulate data in the database via means like SQL injection, the ability to escalate to an RCE...

9.8CVSS6.7AI score0.02386EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2022/12/05 12:0 a.m.6 views

CVE-2022-32224

A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record 7.0.3.1, 6.1.6.1, 6.0.5.1 and 5.2.8.1 which could allow an attacker, that can manipulate data in the database via means like SQL injection, the ability to escalate to an RCE...

7.5AI score0.02386EPSS
Exploits1References2
CVE
CVE
added 2022/12/05 12:0 a.m.286 views

CVE-2022-32224

CVE-2022-32224 : Rails/ActiveRecord YAML deserialization issue. YAML-serialized columns can be deserialized with YAML.unsafe_load, enabling an attacker who can manipulate data in the database (e.g., via SQL injection) to escalate to remote code execution (RCE). Affected Rails/ActiveRecord version...

9.8CVSS9.5AI score0.02386EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2022/12/05 12:0 a.m.63 views

CVE-2022-32224

A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record 7.0.3.1, 6.1.6.1, 6.0.5.1 and 5.2.8.1 which could allow an attacker, that can manipulate data in the database via means like SQL injection, the ability to escalate to an RCE...

9.8CVSS6.4AI score0.02386EPSS
Exploits1
OSV
OSV
added 2022/12/05 12:0 a.m.43 views

CVE-2022-32224

A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record 7.0.3.1, 6.1.6.1, 6.0.5.1 and 5.2.8.1 which could allow an attacker, that can manipulate data in the database via means like SQL injection, the ability to escalate to an RCE...

9.8CVSS9.7AI score0.02386EPSS
Exploits1References5
Debian
Debian
added 2022/09/15 7:58 a.m.40 views

[SECURITY] [DLA 3093-2] rails regression update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3093-2 [email protected] https://www.debian.org/lts/security/ Abhijith PA September 15, 2022 https://wiki.debian.org/LTS -...

9.8CVSS9.5AI score0.02386EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2022/07/20 9:43 a.m.47 views

CVE-2022-32224

An insecure deserialization flaw was found in Active Record, which uses YAML.unsafeload to convert the YAML data into Ruby objects. An attacker supplying crafted data to the database can perform remote code execution RCE, resulting in complete system compromise. Mitigation Mitigation for this iss...

9CVSS1.2AI score0.02386EPSS
Exploits1References4
RubySec
RubySec
added 2022/07/12 12:0 a.m.52 views

Possible RCE escalation bug with Serialized Columns in Active Record

There is a possible escalation to RCE when using YAML serialized columns in Active Record. This vulnerability has been assigned the CVE identifier CVE-2022-32224. Versions Affected: All. Not affected: None Fixed Versions: 7.0.3.1, 6.1.6.1, 6.0.5.1, 5.2.8.1 Impact ------ When serialized columns th...

9.8CVSS2.5AI score0.02386EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder