103 matches found
[SECURITY] [DLA 2655-1] rails security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-2655-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta May 12, 2021 https://wiki.debian.org/LTS - -----------------------------------------------------------------------...
FreeBSD : Rails -- multiple vulnerabilities (f7a00ad7-ae75-11eb-8113-08002728f74c)
Ruby on Rails blog : Rails versions 6.1.3.2, 6.0.3.7, and 5.2.6 have been released! These releases contain important security fixes. Here is a list of the issues fixed : CVE-2021-22885: Possible Information Disclosure / Unintended Method Execution in Action Pack CVE-2021-22902: Possible Denial of...
Information Disclosure
actionpack is vulnerable to information disclosure. When using redirectto or polymorphicurl with untrusted user input, there is possible unintended unintended method execution vulnerability that can lead to information disclosure...
GHSA-HJG4-8Q5F-X6FM Action Pack contains Information Disclosure / Unintended Method Execution vulnerability
Impact ------ There is a possible information disclosure / unintended method execution vulnerability in Action Pack when using the redirectto or polymorphicurl helper with untrusted user input. Vulnerable code will look like this. redirecttoparams:someparam All users running an affected release...
Action Pack contains Information Disclosure / Unintended Method Execution vulnerability
Impact ------ There is a possible information disclosure / unintended method execution vulnerability in Action Pack when using the redirectto or polymorphicurl helper with untrusted user input. Vulnerable code will look like this. redirecttoparams:someparam All users running an affected release...
CVE-2021-22885
A flaw was found in rubygem-actionpack. Information disclosure or unintended method execution is possible when using the redirectto or polymorphicurl helper with untrusted user input. The highest threat from this vulnerability is to data confidentiality...
Possible Information Disclosure / Unintended Method Execution in Action Pack
There is a possible information disclosure / unintended method execution vulnerability in Action Pack which has been assigned the CVE identifier CVE-2021-22885. Versions Affected: = 2.0.0. Not affected: 2.0.0. Fixed Versions: 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 Impact ------ There is a possible...
Rails -- multiple vulnerabilities
Ruby on Rails blog: Rails versions 6.1.3.2, 6.0.3.7, and 5.2.6 have been released! These releases contain important security fixes. Here is a list of the issues fixed: CVE-2021-22885: Possible Information Disclosure / Unintended Method Execution in Action Pack CVE-2021-22902: Possible Denial of...
JVN#62161191: JavaFX WebEngine does not properly restrict Java method execution
JavaFX, GUI library for Java applications, is provided with OracleJDK 7 through 10. Since OracleJDK 11, JavaFX is separately maintained and developed by OpenJFX project under OpenJDK community. JavaFX WebEngine component is capable of web content rendering, and possible to be configured to allow...
CVE-2020-5604
Android App 'Mercari' Japan version prior to version 3.52.0 allows arbitrary method execution of a Java object by a remote attacker via a Man-In-The-Middle attack by using Java Reflection API of JavaScript code on WebView...
Design/Logic Flaw
Android App 'Mercari' Japan version prior to version 3.52.0 allows arbitrary method execution of a Java object by a remote attacker via a Man-In-The-Middle attack by using Java Reflection API of JavaScript code on WebView...
Android App "Mercari" (Japan version) vulnerable to arbitrary method execution of the Java object
Overview Android App "Mercari" Japan version provided by Mercari, Inc. contains vulnerability that an arbitrary Java method execution CWE-749 due to inadequate restrictions on addJavascriptInterface of WebView class. Taichi Kotake of Akatsuki Inc. reported this vulnerability to IPA. JPCERT/CC...
JVN#93167107: Android App "Mercari" (Japan version) vulnerable to arbitrary method execution of Java object
Android App "Mercari" Japan version provided by Mercari, Inc. contains vulnerability which may allow arbitrary Java method execution CWE-749 due to inadequate restrictions on addJavascriptInterface of WebView class. Impact An arbitrary method of a Java object may be executed by a remote attacker...
CVE-2019-8069
Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user...
CVE-2019-8069
Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user...
Design/Logic Flaw
Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user...
CVE-2019-8069
Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user...
CVE-2019-8069
The CVE-2019-8069 issue affects Adobe Flash Player 32.0.0.238 and earlier; it is a Same Origin Method Execution vulnerability that could lead to arbitrary code execution in the current user context. Multiple connected sources confirm the vulnerability and indicate that update/patches exist: Adobe...
Adobe Flash Player Same Origin Method Execution Vulnerability
Adobe Flash Player is a widely used, proprietary multimedia program player originally written by Macromedia and continued to be developed and distributed by Adobe after Macromedia was acquired by Adobe. A same-origin method execution vulnerability exists in Adobe Flash Player. An attacker could...
KLA11547 Multiple ACE vulnerabilities in Adobe Flash Player
Multiple vulnerabilities were found in Adobe Flash Player. Malicious users can exploit these vulnerabilities to execute arbitrary code. Below is a complete list of vulnerabilities: 1. A use-after-free vulnerability can be exploited remotely to execute arbitrary code; 2. A same origin method...