Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Enterprise_linux
(Redhat)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-02-20 | CVE-2014-0081 | Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper. | Opensuse, Opensuse, Cloudforms, Enterprise_linux, Rails, Ruby_on_rails | N/A | ||
| 2013-03-19 | CVE-2013-1857 | The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by including a : sequence. | Enterprise_linux, Rails, Ruby_on_rails | N/A | ||
| 2019-04-22 | CVE-2019-3902 | A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository. | Debian_linux, Mercurial, Enterprise_linux | 5.9 | ||
| 2018-11-12 | CVE-2018-19208 | In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h. | Enterprise_linux, Libwpd, Suse_linux_enterprise_server | 6.5 | ||
| 2017-02-13 | CVE-2016-3616 | The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file. | Ubuntu_linux, Debian_linux, Libjpeg\-Turbo, Enterprise_linux | 8.8 | ||
| 2018-05-23 | CVE-2018-1126 | procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124. | Ubuntu_linux, Debian_linux, Procps\-Ng, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Struxureware_data_center_expert | 9.8 | ||
| 2018-04-03 | CVE-2018-8778 | In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure. | Ubuntu_linux, Debian_linux, Enterprise_linux, Ruby | 7.5 | ||
| 2018-04-03 | CVE-2018-8777 | In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption). | Ubuntu_linux, Debian_linux, Enterprise_linux, Ruby | 7.5 | ||
| 2018-04-03 | CVE-2018-6914 | Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument. | Ubuntu_linux, Debian_linux, Enterprise_linux, Ruby | 7.5 | ||
| 2018-11-16 | CVE-2018-16396 | An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats. | Ubuntu_linux, Debian_linux, Enterprise_linux, Ruby | 8.1 |