• git://
#Vulnerabilities 8074
Date Id Summary Products Score Patch Annotated
2022-02-11 CVE-2022-23633 Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests.This has been fixed in Rails,,, and Upgrading is highly recommended, but to work around this problem a middleware... Debian_linux, Rails 5.9
2022-05-26 CVE-2022-21831 A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments. Debian_linux, Active_storage 9.8
2022-05-26 CVE-2022-22577 An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses. Debian_linux, Actionpack 6.1
2022-05-26 CVE-2022-27777 A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes. Debian_linux, Actionpack 6.1
2021-04-06 CVE-2021-30151 Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used. Sidekiq, Debian_linux 6.1
2022-01-21 CVE-2022-23837 In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users. Sidekiq, Debian_linux 7.5
2020-10-22 CVE-2020-27560 ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service. Debian_linux, Imagemagick, Leap 3.3
2020-11-20 CVE-2020-19667 Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7. Debian_linux, Imagemagick 7.8
2020-12-03 CVE-2020-27759 In IntensityCompare() of /MagickCore/quantize.c, a double value was being casted to int and returned, which in some cases caused a value outside the range of type `int` to be returned. The flaw could be triggered by a crafted input file under certain conditions when processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects... Debian_linux, Imagemagick 3.3
2020-12-03 CVE-2020-27760 In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch uses the `PerceptibleReciprocal()` to prevent the divide-by-zero from occurring. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68. Debian_linux, Imagemagick 5.5