14179 matches found
Rocky Linux 8 : ruby:3.3 (RLSA-2024:6784)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:6784 advisory. rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace...
[SECURITY] [DLA 3902-1] ruby-rails-html-sanitizer security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3902-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk September 28, 2024 https://wiki.debian.org/LTS -...
[SECURITY] [DLA 3901-1] ruby-loofah security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3901-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk September 28, 2024 https://wiki.debian.org/LTS -...
[SECURITY] [DLA 3900-1] ruby-httparty security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3900-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk September 28, 2024 https://wiki.debian.org/LTS -...
Debian dla-3902 : ruby-rails-html-sanitizer - security update
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3902 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3902-1 [email protected]...
Debian dla-3901 : ruby-loofah - security update
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3901 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3901-1 [email protected]...
DLA-3900-1 ruby-httparty - security update
Bulletin has no description...
DLA-3901-1 ruby-loofah - security update
Bulletin has no description...
Debian dla-3900 : ruby-httparty - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-3900 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3900-1 [email protected] https://www.debian.org/lts/security/...
DLA-3902-1 ruby-rails-html-sanitizer - security update
Bulletin has no description...
Ubuntu: Security Advisory (USN-7036-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
A stored cross-site scripting has been found in the image upload functionality that can be used by normal registered users: It is possible to upload a SVG image containing JavaScript and it's also possible to upload a HTML document when the format parameter is manually changed to documents1 or a...
Advisory ROSA-SA-2024-2478
software: yajl 2.1.0 WASP: ROSA-CHROME packageevrstring: yajl-2.1.0-2 CVE-ID: CVE-2023-33460 BDU-ID: 2023-07652 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the yajltreeparse function of the YAJL-ruby JSON library is related to improper memory freeing before deleting the last reference...
SUSE CVE-2024-47220
An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...
PT-2024-40145 · Unknown · Camaleon Cms +1
Name of the Vulnerable Software and Affected Versions: Camaleon CMS affected versions not specified Description: A stored cross-site scripting issue has been found in the image upload functionality, allowing normal registered users to upload SVG images containing JavaScript or HTML documents by...
The vulnerability of the XML tools for Ruby REXML, related to uncontrolled resource consumption, allows a attacker to cause a service failure.
The vulnerability of the XML tools for Ruby REXML is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures...
Ruby On Rails Weak Secret Key
Ruby On Rails applications use an application key to encrypt and sign various data, including session cookies and other sensitive information. This key is typically stored in the .env file and is used for multiple security-critical operations. When a weak or easily guessable application key is...
The vulnerability of the XML tools for Ruby REXML, related to uncontrolled resource consumption, allows a attacker to cause a service failure.
The vulnerability of the XML tools for Ruby REXML is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of the XML tools for Ruby REXML stems from improper restrictions on recursive references to entities in DTDs. This allows attackers to trigger a service failure.
The vulnerability of the XML tools for Ruby REXML is related to improper restrictions on recursive references to entities in DTDs. Exploiting this vulnerability could allow an attacker to cause service failures remotely...
CVE-2024-41946
...