26 matches found
SUSE CVE-2026-33169
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...
DEBIAN-CVE-2026-33169
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...
CVE-2026-33169
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...
CVE-2026-33170 Rails Active Support has a possible XSS vulnerability in SafeBuffer#%
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, SafeBuffer% does not propagate the @htmlunsafe flag to the newly created buffer. If a SafeBuffer is mutated in place e.g. via gsub! and th...
CVE-2026-33169
The connected advisory GHSA-CG4J-Q9V8-6V38 reports a ReDoS vulnerability in Rails Active Support: NumberToDelimitedConverter uses a gsub! regex for thousands delimiting, potentially causing quadratic time on long digit strings. Affected component: Active Support’s NumberToDelimitedConverter. Impa...
CVE-2026-33169
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...
Rails Active Support has a possible ReDoS vulnerability in number_to_delimited
Impact NumberToDelimitedConverter used a regular expression with gsub! to insert thousands delimiters. This could produce quadratic time complexity on long digit strings. Releases The fixed releases are available at the normal locations. Credit This issue was responsibly reported by Hackerone...
ActiveRecord-JDBC-Adapter (AR-JDBC) lib/arjdbc/jdbc/adapter.rb sql.gsub() Function SQL Injection
ActiveRecord-JDBC-Adapter AR-JDBC contains a flaw that may allow carrying out an SQL injection attack. The issue is due to the sql.gsub function in lib/arjdbc/jdbc/adapter.rb not properly sanitizing user-supplied input before using it in SQL queries. This may allow a remote attacker to inject or...
ActiveRecord-JDBC-Adapter (AR-JDBC) lib/arjdbc/jdbc/adapter.rb sql.gsub() Function SQL Injection
ActiveRecord-JDBC-Adapter AR-JDBC contains a flaw that may allow carrying out an SQL injection attack. The issue is due to the sql.gsub function in lib/arjdbc/jdbc/adapter.rb not properly sanitizing user-supplied input before using it in SQL queries. This may allow a remote attacker to inject or...
EUVD-2015-9116
Malware in sbrugna...
Cross-site Scripting (XSS)
sanitize is vulnerable to Cross-Site Scripting XSS. The vulnerability exists due to a lack of sanitization in the gsub parameter of cleancss.rb, which allows an attacker to inject and execute arbitrary JavaScript into the browser...
SUSE CVE-2015-9274
HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service invalid read of two bytes and application crash because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh...
Ubuntu 16.04 ESM : HarfBuzz vulnerability (USN-5746-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5746-1 advisory. Behzad Najjarpour Jabbari discovered that HarfBuzz incorrectly handled certain inputs. A remote attacker could possibly use this issue to cause a denial of servic...
Adobe Acrobat Pro DC ImageConversion XPS GSUB Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2015-9274
HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service invalid read of two bytes and application crash because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh...
CVE-2015-9274
HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service invalid read of two bytes and application crash because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh...
DEBIAN-CVE-2015-9274
HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service invalid read of two bytes and application crash because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh...
CVE-2015-9274
HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service invalid read of two bytes and application crash because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh...
Design/Logic Flaw
HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service invalid read of two bytes and application crash because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh...
CVE-2015-9274
HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service invalid read of two bytes and application crash because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh...