CVE search results

91 – 100 of 148 results

Detailed view

Sort by:

CVE-2014-3514

Medium priority

Ignored

activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to...

11 affected packages

rails, rails-3.2, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
rails	—	—	—	—
rails-3.2	—	—	—	—
rails-4.0	—	—	—	—
ruby-actionpack-2.3	—	—	—	—
ruby-actionpack-3.2	—	—	—	—
ruby-activerecord-2.3	—	—	—	—
ruby-activerecord-3.2	—	—	—	—
ruby-activesupport-2.3	—	—	—	—
ruby-activesupport-3.2	—	—	—	—
ruby-rails-2.3	—	—	—	—
ruby-rails-3.2	—	—	—	—

CVE-2014-3483

Medium priority

Ignored

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers...

7 affected packages

rails, rails-3.2, rails-4.0, ruby-activerecord-2.3, ruby-activerecord-3.2...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
rails	—	—	—	Not affected
rails-3.2	—	—	—	Not in release
rails-4.0	—	—	—	Not in release
ruby-activerecord-2.3	—	—	—	Not in release
ruby-activerecord-3.2	—	—	—	Not in release
ruby-rails-2.3	—	—	—	Not in release
ruby-rails-3.2	—	—	—	Not in release

CVE-2014-3482

Medium priority

Ignored

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute...

7 affected packages

rails, rails-3.2, rails-4.0, ruby-activerecord-2.3, ruby-activerecord-3.2...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
rails	—	—	—	Not affected
rails-3.2	—	—	—	Not in release
rails-4.0	—	—	—	Not in release
ruby-activerecord-2.3	—	—	—	Not in release
ruby-activerecord-3.2	—	—	—	Not in release
ruby-rails-2.3	—	—	—	Not in release
ruby-rails-3.2	—	—	—	Not in release

CVE-2014-0130

Medium priority

Ignored

Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing...

2 affected packages

rails, rails-4.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
rails	—	—	—	Not affected
rails-4.0	—	—	—	Not in release

CVE-2014-0082

Medium priority

Ignored

actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause...

4 affected packages

rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
rails	—	—	—	Not affected
rails-4.0	—	—	—	Not in release
ruby-actionpack-2.3	—	—	—	Not in release
ruby-actionpack-3.2	—	—	—	Not in release

CVE-2014-0081

Medium priority

Ignored

Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary...

4 affected packages

rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
rails	—	—	—	Not affected
rails-4.0	—	—	—	Not in release
ruby-actionpack-2.3	—	—	—	Not in release
ruby-actionpack-3.2	—	—	—	Not in release

CVE-2014-0080

Medium priority

Ignored

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to...

6 affected packages

rails, rails-4.0, ruby-activerecord-2.3, ruby-activerecord-3.2, ruby-rails-2.3, ruby-rails-3.2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
rails	—	—	—	Not affected
rails-4.0	—	—	—	Not in release
ruby-activerecord-2.3	—	—	—	Not in release
ruby-activerecord-3.2	—	—	—	Not in release
ruby-rails-2.3	—	—	—	Not in release
ruby-rails-3.2	—	—	—	Not in release

CVE-2013-6417

Medium priority

Ignored

actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which...

9 affected packages

rails, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activerecord-2.3, ruby-activerecord-3.2...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
rails	—	—	—	Not affected
ruby-actionpack-2.3	—	—	—	Not in release
ruby-actionpack-3.2	—	—	—	Not in release
ruby-activerecord-2.3	—	—	—	Not in release
ruby-activerecord-3.2	—	—	—	Not in release
ruby-activesupport-2.3	—	—	—	Not in release
ruby-activesupport-3.2	—	—	—	Not in release
ruby-rails-2.3	—	—	—	Not in release
ruby-rails-3.2	—	—	—	Not in release

CVE-2013-6416

Medium priority

Not affected

Cross-site scripting (XSS) vulnerability in the simple_format helper in actionpack/lib/action_view/helpers/text_helper.rb in Ruby on Rails 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a...

9 affected packages

rails, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activerecord-2.3, ruby-activerecord-3.2...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
rails	—	—	—	—
ruby-actionpack-2.3	—	—	—	—
ruby-actionpack-3.2	—	—	—	—
ruby-activerecord-2.3	—	—	—	—
ruby-activerecord-3.2	—	—	—	—
ruby-activesupport-2.3	—	—	—	—
ruby-activesupport-3.2	—	—	—	—
ruby-rails-2.3	—	—	—	—
ruby-rails-3.2	—	—	—	—

CVE-2013-6415

Medium priority

Ignored

Cross-site scripting (XSS) vulnerability in the number_to_currency helper in actionpack/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web...

9 affected packages

rails, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activerecord-2.3, ruby-activerecord-3.2...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
rails	—	—	—	Not affected
ruby-actionpack-2.3	—	—	—	Not in release
ruby-actionpack-3.2	—	—	—	Not in release
ruby-activerecord-2.3	—	—	—	Not in release
ruby-activerecord-3.2	—	—	—	Not in release
ruby-activesupport-2.3	—	—	—	Not in release
ruby-activesupport-3.2	—	—	—	Not in release
ruby-rails-2.3	—	—	—	Not in release
ruby-rails-3.2	—	—	—	Not in release

Export to JSON

Results by page:

Search CVE reports