Lucene search
K

540 matches found

Snyk
Snyk
added 2020/04/17 12:0 a.m.2 views

Malicious Package

Overview forgiving-nil is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using forgiving-nil...

8CVSS6.9AI score
Exploits0References2
Veracode
Veracode
added 2020/03/06 2:40 a.m.10 views

Denial Of Service (DoS)

github.com/gambol99/go-marathon is vulnerable to denial of service DoS attacks. The vulnerability is possible due to the nil panic occurrence in the function 'NewClient' in client.go when accessing an empty debug log allowing an attacker to cause an application crash...

4AI score
Exploits0
Cvelist
Cvelist
added 2019/05/13 4:30 a.m.34 views

CVE-2019-11888

Go through 1.12.5 on Windows mishandles process creation with a nil environment in conjunction with a non-nil token, which allows attackers to obtain sensitive information or gain privileges...

9.3AI score0.02688EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2019/03/13 1:54 a.m.59 views

Low: Red Hat Security Advisory: docker security and bug fix update

An update for docker is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

4.9CVSS6.1AI score0.02231EPSS
Exploits0References8
Veracode
Veracode
added 2019/01/15 9:7 a.m.14 views

Denial Of Service (DoS)

github.com/openshift/origin is vulnerable to denial of service DoS attacks. These attacks can be triggered by invalid JSON data. The invalid JSON data causes origin to panic and cause a nil pointer dereference causing the master process to crash...

4CVSS5.8AI score0.01952EPSS
Exploits0References7Affected Software1
ALT Linux
ALT Linux
added 2018/03/31 12:0 a.m.32 views

Security fix for the ALT Linux 8 package curl version 7.59.0-alt1

March 31, 2018 Anton Farygin 7.59.0-alt1 - new version - fixes: CVE-2018-1000120 FTP path trickery leads to NIL byte out of bounds write CVE-2018-1000121 LDAP NULL pointer dereference CVE-2018-1000122 RTSP RTP buffer over-read...

7.5CVSS8.9AI score0.12058EPSS
Exploits0
OSV
OSV
added 2018/03/14 8:0 a.m.9 views

CURL-CVE-2018-1000120 FTP path trickery leads to NIL byte out of bounds write

curl can be fooled into writing a zero byte out of bounds. This bug can trigger when curl is told to work on an FTP URL, with the setting to only issue a single CWD command --ftp-method singlecwd or the libcurl alternative CURLOPTFTPFILEMETHOD. curl then URL-decodes the given path, calls strlen o...

9.8CVSS9.1AI score0.12058EPSS
Exploits0
Oracle linux
Oracle linux
added 2017/05/16 12:0 a.m.87 views

Unbreakable Enterprise kernel security update

2.6.39-400.295.2 - nfsd: stricter decoding of write-like NFSv2/v3 ops J. Bruce Fields Orabug: 25986995 CVE-2017-7895 2.6.39-400.295.1 - ocfs2/o2net: o2netlistendataready should do nothing if socket state is not TCPLISTEN Tariq Saeed Orabug: 25510857 - IB/CORE: sync the resouce access in fmrpool...

10CVSS8.4AI score0.12791EPSS
Exploits41
Veracode
Veracode
added 2017/04/27 6:42 a.m.28 views

Denial Of Service (DoS)

github.com/kubernetes/kubernetes is vulnerable to denial of service attacks. These attacks can be triggered by invalid JSON data. The invalid JSON data causes github.com/kubernetes/kubernetes to panic and cause a nil pointer dereference causing the master process to crash. This is related to...

5.8AI score0.01952EPSS
Exploits0
Hacker One
Hacker One
added 2016/12/19 8:57 a.m.18 views

shopify-scripts: Heap Overflow in mrb_arb_splice

It's similar with 192235, but the root cause is different. both of mruby and mruby-engine are crashed by the following PoC. MRBINT64 ruby ary = Array.new1023 ary0x7ffffffffffffc00,0 = Array.new1024 $ gdb -q --args ./bin/mruby test2.rb Reading symbols from ./bin/mruby...done. gdb r Starting progra...

0.7AI score
Exploits0
OSV
OSV
added 2016/09/07 7:28 p.m.4 views

DEBIAN-CVE-2016-6317

Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing...

7.5CVSS7AI score0.03903EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2013/02/28 6:53 p.m.6 views

rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails

Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NU...

6.4CVSS7.2AI score0.05673EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2013/02/28 6:53 p.m.7 views

rubygem-actionpack: Unsafe query generation

actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...

6.4CVSS7.2AI score0.046EPSS
Exploits1References4
OSV
OSV
added 2013/01/13 10:55 p.m.3 views

DEBIAN-CVE-2013-0155

Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NU...

6.4CVSS7AI score0.05673EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2013/01/13 10:55 p.m.5 views

CVE-2013-0155

Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NU...

6.4CVSS5.6AI score0.05673EPSS
Exploits4References13
RedHat Linux
RedHat Linux
added 2013/01/10 10:32 p.m.5 views

rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails

Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NU...

6.4CVSS7.2AI score0.05673EPSS
Exploits4References4
RedHat Linux
RedHat Linux
added 2013/01/10 8:39 p.m.6 views

rubygem-actionpack: Unsafe query generation

actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...

6.4CVSS7.2AI score0.046EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2013/01/10 8:39 p.m.4 views

rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails

Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NU...

6.4CVSS7.2AI score0.05673EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2012/12/04 7:24 p.m.4 views

rubygem-actionpack: Unsafe query generation

actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...

6.4CVSS7.2AI score0.046EPSS
Exploits1References4
seebug.org
seebug.org
added 2009/07/09 12:0 a.m.54 views

Ruby on Rails http_authentication.rb Nil凭据绕过认证漏洞

BUGTRAQ ID: 35579 Ruby on Rails是一个新的Web应用程序框架,构建在Ruby语言之上。 Ruby on Rails的actionpack/lib/actioncontroller/httpauthentication.rb文件中的 validatedigestresponse函数在处理nil凭据时存在错误,如果没有找到用户返回的是nil,而正确的行为是返回 false。远程攻击者发送空的认证凭据就可以绕过HTTP认证获得非授权访问。 David Heinemeier Hansson Ruby on Rails 2.3.2 厂商补丁: David...

6.9AI score
Exploits0
Rows per page
Query Builder