2 matches found
Linux Distros Unpatched Vulnerability : CVE-2010-3299
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks. CVE-2010-3299 Note that Nessus relies on the presence of the packag...
rubygem-json: Denial of Service and SQL Injection
The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...