14164 matches found
DSA-5616-1 ruby-sanitize - security update
Bulletin has no description...
SUSE SLES12 Security Update : hawk2 (SUSE-SU-2021:0198-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2021:0198-1 advisory. - An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawkremembermeid parameter in the...
SUSE SLES12 Security Update : hawk2 (SUSE-SU-2021:0089-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2021:0089-1 advisory. - An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawkremembermeid parameter in the...
SUSE SLES12 Security Update : hawk2 (SUSE-SU-2021:0090-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2021:0090-1 advisory. - An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawkremembermeid parameter in the...
SUSE SLES12 Security Update : hawk2 (SUSE-SU-2021:0192-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2021:0192-1 advisory. - An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawkremembermeid parameter in the...
SUSE SLES15 Security Update : hawk2 (SUSE-SU-2021:0200-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2021:0200-1 advisory. - An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawkremembermeid...
Ruby on Rails: Path traversal in AcitveStorage, and lead RCE
Vulnerability description not provided...
USN-6597-1: Puma vulnerability
It was discovered that Puma incorrectly handled parsing chunked transfer encoding bodies. A remote attacker could possibly use this issue to cause Puma to consume resources, leading to a denial of service...
oniguruma: Use-after-free in onig_new_deluxe() in regext.c
A use-after-free in onignewdeluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...
Ruby: Multiple vulnerabilities
Background Ruby is an interpreted scripting language for quick and easy object-oriented programming. It comes bundled with a HTTP server "WEBrick". Description Multiple vulnerabilities have been discovered in Ruby. Please review the CVE identifiers referenced below for details. Impact Please revi...
GLSA-202401-27 : Ruby: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202401-27 Ruby: Multiple vulnerabilities - An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header...
Debian: Security Advisory (DLA-3716-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3716-1] ruby-httparty security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3716-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb January 23, 2024 https://wiki.debian.org/LTS -...
DLA-3716-1 ruby-httparty - security update
Bulletin has no description...
Debian dla-3716 : ruby-httparty - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3716 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3716-1 [email protected] https://www.debian.org/lts/security/...
GHSA-G8VP-2V5P-9QFH Cross-site scripting (XSS) in Action messages on Avo
Avo is a framework to create admin panels for Ruby on Rails apps. In Avo 3 pre12, any HTML inside text that is passed to error or succeed in an Avo::BaseAction subclass will be rendered directly without sanitization in the toast/notification that appears in the UI on Action completion. A maliciou...
Cross-site scripting (XSS) in Action messages on Avo
Avo is a framework to create admin panels for Ruby on Rails apps. In Avo 3 pre12, any HTML inside text that is passed to error or succeed in an Avo::BaseAction subclass will be rendered directly without sanitization in the toast/notification that appears in the UI on Action completion. A maliciou...
Cross-site scripting (XSS) in Action messages on Avo
Avo is a framework to create admin panels for Ruby on Rails apps. In Avo 3 pre12 any HTML inside text that is passed to error or succeed in an Avo::BaseAction subclass will be rendered directly without sanitization in the toast/notification that appears in the UI on Action completion. A malicious...
The vulnerability of HTTP servers for Ruby/Rack applications developed with Puma, related to deficiencies in HTTP request processing, allows attackers to induce service failures.
The vulnerability of HTTP servers for Ruby/Rack applications developed with Puma is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to induce service failures through specially crafted HTTP requests HTTP Request Smuggling attacks...
CVE-2024-22191
Avo is a framework to create admin panels for Ruby on Rails apps. A stored cross-site scripting XSS vulnerability was found in the keyvalue field of Avo v3.2.3 and v2.46.0. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the victim's browser. The value of the...