Debian Linux Security Vulnerabilities and Issues — Debian Linux CVE List

Lucene search

DebianDebian Linux

3 matches found

CVE•added 2013/01/13 10:55 p.m.•280 views

CVE-2013-0156

active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a d...

7.5CVSS9.6AI score0.91941EPSS

CVE•added 2013/01/13 10:55 p.m.•123 views

CVE-2013-0155

Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL...

6.4CVSS7.5AI score0.18174EPSS

Web

CVE•added 2013/01/03 1:55 a.m.•65 views

CVE-2012-5653

The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file name.

6CVSS7AI score0.0077EPSS