8 matches found
Debian: Security Advisory (DLA-2864-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2864-1] ruby-haml security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-2864-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta December 29, 2021 https://wiki.debian.org/LTS -...
Debian DLA-2864-1 : ruby-haml - LTS security update
The remote Debian 9 host has a package installed that is affected by a vulnerability as referenced in the dla-2864 advisory. - In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like ' must be escaped properly. In this case, the '...
DLA-2864-1 ruby-haml - security update
Bulletin has no description...
Debian DLA-1986-1 : ruby-haml security update
In haml, when using user input to perform tasks on the server, characters like ' ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code. For Debian 8 'Jessie', this problem has been...
Debian: Security Advisory (DLA-1986-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 1986-1] ruby-haml security update
Package : ruby-haml Version : 4.0.5-2+deb8u1 CVE ID : CVE-2017-1002201 In haml, when using user input to perform tasks on the server, characters like " must be escaped properly. In this case, the character was missed. An attacker can manipulate the input to introduce additional attributes,...
DLA-1986-1 ruby-haml - security update
Bulletin has no description...