Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-22795 | 2 Ruby-lang, Rubyonrails | 2 Ruby, Rails | 2023-03-14 | N/A | 7.5 HIGH |
| A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. | |||||
| CVE-2023-22794 | 1 Activerecord Project | 1 Activerecord | 2023-03-14 | N/A | 8.8 HIGH |
| A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database withinsufficient sanitization and be able to inject SQL outside of the comment. | |||||
| CVE-2023-22792 | 1 Rubyonrails | 1 Rails | 2023-03-14 | N/A | 7.5 HIGH |
| A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. | |||||
| CVE-2022-27777 | 2 Debian, Rubyonrails | 2 Debian Linux, Actionpack | 2023-03-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes. | |||||
| CVE-2022-22577 | 2 Debian, Rubyonrails | 2 Debian Linux, Actionpack | 2023-03-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses. | |||||
| CVE-2022-21831 | 2 Debian, Rubyonrails | 2 Debian Linux, Active Storage | 2023-03-14 | 6.8 MEDIUM | 9.8 CRITICAL |
| A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments. | |||||
| CVE-2022-23633 | 2 Debian, Rubyonrails | 2 Debian Linux, Rails | 2023-03-14 | 4.3 MEDIUM | 5.9 MEDIUM |
| Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests.This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used. | |||||
| CVE-2021-44528 | 1 Rubyonrails | 1 Rails | 2023-03-14 | 5.8 MEDIUM | 6.1 MEDIUM |
| A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. | |||||
| CVE-2021-22942 | 1 Rubyonrails | 1 Rails | 2023-03-14 | 5.8 MEDIUM | 6.1 MEDIUM |
| A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website. | |||||
| CVE-2022-4557 | 1 Gruparge | 1 Smartpower | 2023-03-14 | N/A | 9.8 CRITICAL |
| Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Smartpower Web: before 23.01.01. | |||||
| CVE-2023-25193 | 2 Fedoraproject, Harfbuzz Project | 2 Fedora, Harfbuzz | 2023-03-13 | N/A | 7.5 HIGH |
| hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. | |||||
| CVE-2022-37951 | 2023-03-13 | N/A | N/A | ||
| Not used in 2022 | |||||
| CVE-2022-37950 | 2023-03-13 | N/A | N/A | ||
| Not used in 2022 | |||||
| CVE-2022-37949 | 2023-03-13 | N/A | N/A | ||
| Not used in 2022 | |||||
| CVE-2022-37948 | 2023-03-13 | N/A | N/A | ||
| Not used in 2022 | |||||
| CVE-2022-37947 | 2023-03-13 | N/A | N/A | ||
| Not used in 2022 | |||||
| CVE-2022-37946 | 2023-03-13 | N/A | N/A | ||
| Not used in 2022 | |||||
| CVE-2022-37945 | 2023-03-13 | N/A | N/A | ||
| Not used in 2022 | |||||
| CVE-2022-37944 | 2023-03-13 | N/A | N/A | ||
| Not used in 2022 | |||||
| CVE-2022-37943 | 2023-03-13 | N/A | N/A | ||
| Not used in 2022 | |||||