58 matches found

Github Security Blog
added 2018/09/17 9:58 p.m. | 19 views

Moderate severity vulnerability that affects activerecord

Withdrawn, accidental duplicate publish. activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy option,...

CVSS 5.3 | AI score 5.3 | EPSS 0.0425
Exploits 0 | References 2 | Affected Software 1

OSV
added 2018/09/17 9:58 p.m. | 8 views

GHSA-7PHJ-GMGX-2R66 Moderate severity vulnerability that affects activerecord

Withdrawn, accidental duplicate publish. activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy option,...

CVSS 5.3 | AI score 5.4 | EPSS 0.0425
Exploits 0 | References 2

Github Security Blog
added 2017/10/24 6:33 p.m. | 32 views

Rails activerecord gem has Improper Input Validation vulnerability

Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs...

CVSS 6.4 | AI score 6.5 | EPSS 0.0225
Exploits 0 | References 9 | Affected Software 1

Github Security Blog
added 2017/10/24 6:33 p.m. | 39 views

Active Record Improper Access Control

activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy option, which allows remote attackers to bypass...

CVSS 5.3 | AI score 5.7 | EPSS 0.0425
Exploits 0 | References 12 | Affected Software 1

OSV
added 2017/10/24 6:33 p.m. | 22 views

GHSA-XRR6-3PC4-M447 Active Record Improper Access Control

activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy option, which allows remote attackers to bypass...

CVSS 5.3 | AI score 5.4 | EPSS 0.0425
Exploits 0 | References 11

GitLab Advisory Database
added 2017/10/24 12:0 a.m. | 28 views

Improper Input Validation

Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs...

CVSS 6.4 | AI score 7.1 | EPSS 0.0225
Exploits 0 | References 9 | Affected Software 1

RubySec
added 2017/10/24 12:0 a.m. | 17 views

Security Vulnerability in Nested Attributes code in Ruby On Rails 2.3.9 and 3.0.0

Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs. Patches are available for 2.3 and 3.0 series...

CVSS 6.4 | AI score 6.9 | EPSS 0.0225
Exploits 0 | References 1 | Affected Software 1

OpenVAS
added 2016/10/17 12:0 a.m. | 29 views

Ruby on Rails Active Record Security Bypass Vulnerability (Jan 2016) - Linux

Ruby on Rails is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:rubyonrails:rails";...

CVSS 5.3 | AI score 5.6 | EPSS 0.0425
Exploits 0 | References 2

OpenVAS
added 2016/10/17 12:0 a.m. | 37 views

Ruby on Rails Active Record Security Bypass Vulnerability (Jan 2016) - Windows

Ruby on Rails is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:rubyonrails:rails";...

CVSS 5.3 | AI score 5.6 | EPSS 0.0425
Exploits 0 | References 2

Amazon
added 2016/06/24 12:0 a.m. | 66 views

Medium: kernel

Issue Overview: A flaw was discovered in processing setsockopt for 32 bit processes on 64 bit systems. This flaw will allow attackers to alter arbitrary kernel memory when unloading a kernel module. This action is usually restricted to root-privileged users but can also be leveraged if the kernel...

CVSS 7.8 | AI score 6.8 | EPSS 0.05722
Exploits 10

Tenable Nessus
added 2016/05/31 12:0 a.m. | 34 views

Debian DLA-496-1 : ruby-activerecord-3.2 security update

CVE-2015-7577 activerecord/lib/active_record/nested_attributes.rb in Active Record does not properly implement a certain destroy option, which allows remote attackers to bypass intended change restrictions by leveraging use of the nested attributes feature. For Debian 7 'Wheezy', this problem have...

CVSS 5.3 | AI score 6.1 | EPSS 0.0425
Exploits 0 | References 3

Debian
added 2016/05/30 9:48 p.m. | 32 views

[SECURITY] [DLA 496-1] ruby-activerecord-3.2 security update

Package : ruby-activerecord-3.2 Version : 3.2.6-5+deb7u2 CVE ID : CVE-2015-7577 Debian Bug : N/A CVE-2015-7577 activerecord/lib/active_record/nested_attributes.rb in Active Record does not properly implement a certain destroy option, which allows remote attackers to bypass intended change...

CVSS 5.3 | AI score 5.7 | EPSS 0.0425
Exploits 0

BDU FSTEC
added 2016/03/31 12:0 a.m. | 4 views

The vulnerability of the Ruby on Rails software platform, which allows attackers to circumvent existing access control policies

The vulnerability in the nested_attributes.rb file of the activerecord/lib/active_record module in the Ruby on Rails software framework is related to access control deficiencies. Exploiting this vulnerability could allow an attacker to bypass existing access restrictions by using nested attributes ...

CVSS 5 | AI score 6.2 | EPSS 0.0425
Exploits 0 | References 3 | Affected Software 1

RedHat Linux
added 2016/03/15 8:56 p.m. | 4 views

rubygem-activerecord: Nested attributes rejection proc bypass in Active Record

A flaw was found in the Active Record component's handling of nested attributes in combination with the destroy flag. An attacker could possibly use this flaw to set attributes to invalid values or clear all attributes...

CVSS 5.3 | AI score 7.1 | EPSS 0.0425
Exploits 0 | References 6

RedHat Linux
added 2016/03/15 8:56 p.m. | 54 views

Important: Red Hat Security Advisory: ror40 security update

Updated ror40-rubygem-actionpack and ror40-rubygem-activerecord packages that fix multiple security issues are now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores,...

CVSS 7.5 | AI score 6.9 | EPSS 0.95537
Exploits 18 | References 8

RedHat Linux
added 2016/03/15 8:55 p.m. | 8 views

rubygem-activerecord: Nested attributes rejection proc bypass in Active Record

A flaw was found in the Active Record component's handling of nested attributes in combination with the destroy flag. An attacker could possibly use this flaw to set attributes to invalid values or clear all attributes...

CVSS 5.3 | AI score 7.1 | EPSS 0.0425
Exploits 0 | References 6

OSV
added 2016/03/01 1:53 p.m. | 6 views

SUSE-SU-2016:0619-1 Security update for rubygem-activerecord-3_2

This update for rubygem-activerecord-32 fixes the following issues: - CVE-2015-7577: rubygem-activerecord: Nested attributes rejection proc bypass bsc963330...

CVSS 5.3 | AI score 6 | EPSS 0.0425
Exploits 0 | References 3

RedHat Linux
added 2016/02/24 10:36 a.m. | 2 views

rubygem-activerecord: Nested attributes rejection proc bypass in Active Record

A flaw was found in the Active Record component's handling of nested attributes in combination with the destroy flag. An attacker could possibly use this flaw to set attributes to invalid values or clear all attributes...

CVSS 5.3 | AI score 7.1 | EPSS 0.0425
Exploits 0 | References 6

NVD
added 2016/02/16 2:59 a.m. | 13 views

CVE-2015-7577

activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy option, which allows remote attackers to bypass...

CVSS 5.3 | AI score 5.2 | EPSS 0.0425
Exploits 0 | References 11

OSV
added 2016/02/16 2:59 a.m. | 1 views

DEBIAN-CVE-2015-7577

activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy option, which allows remote attackers to bypass...

CVSS 5.3 | AI score 5.5 | EPSS 0.0425
Exploits 0 | References 1