
756 matches found

CNNVD
added 2024/03/19 12:0 a.m. · 2 views

Fujian Kelixin Command and Dispatch Platform SQL Injection Vulnerability

Fujian Kelixin Command and Dispatch Platform is a command and dispatch platform from Fujian Kelixin Company. A SQL injection vulnerability exists in Fujian Kelixin Command and Dispatch Platform version 20240318 and earlier versions, which originates from an unknown function in...

9.8 CVSS · 8.1 AI score · 0.14569 EPSS
Exploits: 0 · References: 4

NVD
added 2024/03/17 3:15 p.m. · 8 views

CVE-2024-2566

A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240313. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file api/client/get_extension_yl.php. The manipulation of the argument imei leads to sql...

9.8 CVSS · 7.6 AI score · 0.00048 EPSS
Exploits: 0 · References: 3

Cvelist
added 2024/03/17 3:0 p.m. · 16 views

CVE-2024-2566 Fujian Kelixin Communication Command and Dispatch Platform get_extension_yl.php sql injection

A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240313. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file api/client/get_extension_yl.php. The manipulation of the argument imei leads to sql...

7.5 CVSS · 7.8 AI score · 0.00048 EPSS
Exploits: 0 · References: 3

Vulnrichment
added 2024/03/17 3:0 p.m. · 9 views

CVE-2024-2566 Fujian Kelixin Communication Command and Dispatch Platform get_extension_yl.php sql injection

A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240313. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file api/client/get_extension_yl.php. The manipulation of the argument imei leads to sql...

7.5 CVSS · 7.5 AI score · 0.00048 EPSS
Exploits: 0 · References: 3

CVE
added 2024/03/17 3:0 p.m. · 86 views

CVE-2024-2566

The CVE-2024-2566 entry concerns Fujian Kelixin Communication Command and Dispatch Platform (up to 20240313). The vulnerability targets the file api/client/get_extension_yl.php, where manipulation of the imei parameter yields an SQL injection. Exploitation is described as remote. Public disclosur...

9.8 CVSS · 7.6 AI score · 0.00048 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

CNNVD
added 2024/03/17 12:0 a.m. · 1 view

Fujian Kelixin Command and Dispatch Platform SQL Injection Vulnerability

Fujian Kelixin Command and Dispatch Platform is a command and dispatch platform from Fujian Kelixin Company. A SQL injection vulnerability exists in Fujian Kelixin Command and Dispatch Platform version 20240313 and earlier versions, which stems from an incorrect operation of the parameter imei th...

9.8 CVSS · 8.6 AI score · 0.00048 EPSS
Exploits: 0 · References: 4

OSV
added 2024/03/06 10:57 a.m. · 16 views

BIT-MONGODB-2022-24272 MongoDB Server (mongod) may crash in response to unexpected requests

An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database. This may result in mongod denial of service or server crash. This issue affects: MongoDB Inc. MongoDB Server v5.0 versions, prior to and including v5.0.6...

6.5 CVSS · 6.3 AI score · 0.00458 EPSS
Exploits: 2 · References: 2

OpenVAS
added 2024/03/04 12:0 a.m. · 26 views

openSUSE: Security Advisory for rubygem (SUSE-SU-2023:0444-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS · 7.7 AI score · 0.02264 EPSS
Exploits: 0 · References: 2

OSV
added 2024/02/27 9:41 p.m. · 42 views

GHSA-JJHX-JHVP-74WQ Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch

Possible ReDoS vulnerability in Accept header parsing in Action Dispatch. There is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-26142. Versions Affected: >= 7.1.0, < 7.1.3.1 Not affected: 7.1....

7.5 CVSS · 6.3 AI score · 0.03542 EPSS
Exploits: 0 · References: 6

Github Security Blog
added 2024/02/27 9:41 p.m. · 20 views

Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch

Possible ReDoS vulnerability in Accept header parsing in Action Dispatch. There is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-26142. Versions Affected: >= 7.1.0, < 7.1.3.1 Not affected: 7.1....

7.5 CVSS · 6.8 AI score · 0.03542 EPSS
Exploits: 0 · References: 6 · Affected Software: 1

NVD
added 2024/02/27 4:15 p.m. · 14 views

CVE-2024-26142

Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are...

7.5 CVSS · 7.5 AI score · 0.03542 EPSS
Exploits: 0 · References: 5

OSV
added 2024/02/27 4:15 p.m. · 1 view

UBUNTU-CVE-2024-26142

Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are...

7.5 CVSS · 6 AI score · 0.03542 EPSS
Exploits: 0 · References: 7

Prion
added 2024/02/27 4:15 p.m. · 16 views

Design/Logic Flaw

Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are...

5 CVSS · 7 AI score · 0.03542 EPSS
Exploits: 0 · References: 4

Vulnrichment
added 2024/02/27 3:25 p.m. · 15 views

CVE-2024-26142 Rails possible ReDoS vulnerability in Accept header parsing in Action Dispatch

Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are...

7.5 CVSS · 7.1 AI score · 0.03542 EPSS
Exploits: 0 · References: 5

Debian CVE
added 2024/02/27 3:25 p.m. · 17 views

CVE-2024-26142

Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are...

7.5 CVSS · 6.5 AI score · 0.03542 EPSS
Exploits: 0

Cvelist
added 2024/02/27 3:25 p.m. · 18 views

CVE-2024-26142 Rails possible ReDoS vulnerability in Accept header parsing in Action Dispatch

Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are...

7.5 CVSS · 7.7 AI score · 0.03542 EPSS
Exploits: 0 · References: 5

OSV
added 2024/02/27 3:25 p.m. · 21 views

CVE-2024-26142 Rails possible ReDoS vulnerability in Accept header parsing in Action Dispatch

Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are...

7.5 CVSS · 6.5 AI score · 0.03542 EPSS
Exploits: 0 · References: 7

Positive Technologies
added 2024/02/27 12:0 a.m. · 1 view

PT-2024-40546 · Keter · Keter

Name of the Vulnerable Software and Affected Versions: Keter affected versions not specified Description: A reflected XSS issue exists in the logic handling VHost dispatch, where Keter echoes back the Host header value unescaped as part of an HTML error page. This could be exploited in the presen...

5.9 AI score
Exploits: 0 · References: 5

CNNVD
added 2024/02/27 12:0 a.m. · 4 views

Rails Security Vulnerabilities

Rails is a Ruby-based open source web application framework from the Rails team. A security vulnerability exists in Rails versions prior to 7.1.0 through 7.1.3.1, which stems from a Regular Expression Denial of Service (ReDoS) vulnerability in the Accept header parsing routine of Action Dispatch...

7.5 CVSS · 6.7 AI score · 0.03542 EPSS
Exploits: 0 · References: 5

Snyk
added 2024/02/24 11:22 p.m. · 2 views

Regular Expression Denial of Service (ReDoS)

Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in Action Dispatch's Accept header parsing. Note: This is only vulnerable on applications based on Ruby prior to 3.2. Details: Denial of Service (DoS) describes a family of attacks, all aimed at...

7.5 CVSS · 6.7 AI score · 0.03542 EPSS
Exploits: 0 · References: 2