184 matches found
Devise does not properly perform type conversion when performing database queries
Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass...
GHSA-JXHW-MG8M-2PJ8 Devise does not properly perform type conversion when performing database queries
Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass...
CVE-2015-7225
Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password aka OTP, which allows remote or physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP...
Code injection
Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password aka OTP, which allows remote or physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP...
UBUNTU-CVE-2015-7225
Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password aka OTP, which allows remote or physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP...
CVE-2015-7225
Concretely, CVE-2015-7225 affects devise-two-factor prior to v4.0.2, where an OTP can be reused for one immediately trailing time interval due to an incomplete fix. Multiple connected records (e.g., CVE-2021-43177 references) confirm the vulnerability pattern and the remediation: upgrade to devis...
Devise Gem for Ruby Unauthorized Access Using Remember Me Cookie
Devise version before 3.5.4 uses cookies to implement a "Remember me" functionality. However, it generates the same cookie for all devices. If an attacker manages to steal a remember me cookie and the user does not change the password frequently, the cookie can be used to gain access to the...
Tinfoil Security Devise-two-factor Security Bypass Vulnerability
Tinfoil Security Devise-two-factor is a two-factor authentication extension from the American company Tinfoil Security. A security bypass vulnerability exists in Tinfoil Security Devise-two-factor. An attacker could use this vulnerability to bypass security restrictions and perform unauthorized...
openSUSE Security Update : rubygem-devise (openSUSE-SU-2013:0374-1)
rubygem-devise was updated to version 1.5.4, fixing bugs and a security issue: wrong records may be read when sending specifically crafted requests (bnc800955, CVE-2013-0233). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fr...
DEBIAN-CVE-2013-0233
Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass...
CVE-2013-0233
Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass...
Type confusion
Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass...
UBUNTU-CVE-2013-0233
Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass...