Search CVE reports
161 – 170 of 32574 results
CVE-2023-28362
Medium priorityThe redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers...
7 affected packages
rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...
| Package | 18.04 LTS |
|---|---|
| rails | Needs evaluation |
| rails-4.0 | Not in release |
| ruby-actionpack-3.2 | Not in release |
| ruby-activemodel-3.2 | Not in release |
| ruby-activerecord-3.2 | Not in release |
| ruby-activesupport-3.2 | Not in release |
| ruby-rails-3.2 | Not in release |
CVE-2023-28120
Medium priorityThere is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input.
7 affected packages
rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...
| Package | 18.04 LTS |
|---|---|
| rails | Needs evaluation |
| rails-4.0 | Not in release |
| ruby-actionpack-3.2 | Not in release |
| ruby-activemodel-3.2 | Not in release |
| ruby-activerecord-3.2 | Not in release |
| ruby-activesupport-3.2 | Not in release |
| ruby-rails-3.2 | Not in release |
CVE-2023-23913
Medium priorityThere is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when...
7 affected packages
rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...
| Package | 18.04 LTS |
|---|---|
| rails | Needs evaluation |
| rails-4.0 | Not in release |
| ruby-actionpack-3.2 | Not in release |
| ruby-activemodel-3.2 | Not in release |
| ruby-activerecord-3.2 | Not in release |
| ruby-activesupport-3.2 | Not in release |
| ruby-rails-3.2 | Not in release |
CVE-2024-12747
Medium priorityA flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular...
1 affected package
rsync
| Package | 18.04 LTS |
|---|---|
| rsync | Fixed |
CVE-2024-12088
Medium priorityA flaw was found in rsync. When using the `--safe-links` option, rsync fails to properly verify if a symbolic link destination contains another symbolic link within it. This results in a path traversal vulnerability, which may...
1 affected package
rsync
| Package | 18.04 LTS |
|---|---|
| rsync | Fixed |
CVE-2024-12087
Medium priorityA path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by...
1 affected package
rsync
| Package | 18.04 LTS |
|---|---|
| rsync | Fixed |
CVE-2024-12086
Medium priorityA flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync...
1 affected package
rsync
| Package | 18.04 LTS |
|---|---|
| rsync | Fixed |
CVE-2024-12085
Medium priorityA flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized...
1 affected package
rsync
| Package | 18.04 LTS |
|---|---|
| rsync | Fixed |
CVE-2024-12084
High priority[Heap Buffer Overflow in Checksum Parsing]
1 affected package
rsync
| Package | 18.04 LTS |
|---|---|
| rsync | Not affected |
CVE-2024-56787
Medium priorityIn the Linux kernel, the following vulnerability has been resolved: soc: imx8m: Probe the SoC driver as platform driver With driver_async_probe=* on kernel command line, the following trace is produced because on i.MX8M Plus...
125 affected packages
linux, linux-allwinner-5.19, linux-aws, linux-aws-5.0, linux-aws-5.11...
| Package | 18.04 LTS |
|---|---|
| linux | Needs evaluation |
| linux-allwinner-5.19 | — |
| linux-aws | Needs evaluation |
| linux-aws-5.0 | Ignored |
| linux-aws-5.11 | — |
| linux-aws-5.13 | — |
| linux-aws-5.15 | — |
| linux-aws-5.19 | — |
| linux-aws-5.3 | Ignored |
| linux-aws-5.4 | Needs evaluation |
| linux-aws-5.8 | — |
| linux-aws-6.2 | — |
| linux-aws-6.5 | — |
| linux-aws-6.8 | — |
| linux-aws-fips | — |
| linux-aws-hwe | — |
| linux-azure | Ignored |
| linux-azure-4.15 | Needs evaluation |
| linux-azure-5.11 | — |
| linux-azure-5.13 | — |
| linux-azure-5.15 | — |
| linux-azure-5.19 | — |
| linux-azure-5.3 | Ignored |
| linux-azure-5.4 | Needs evaluation |
| linux-azure-5.8 | — |
| linux-azure-6.2 | — |
| linux-azure-6.5 | — |
| linux-azure-6.8 | — |
| linux-azure-edge | Ignored |
| linux-azure-fde | — |
| linux-azure-fde-5.15 | — |
| linux-azure-fde-5.19 | — |
| linux-azure-fde-6.2 | — |
| linux-azure-fips | — |
| linux-bluefield | — |
| linux-fips | — |
| linux-gcp | Ignored |
| linux-gcp-4.15 | Needs evaluation |
| linux-gcp-5.11 | — |
| linux-gcp-5.13 | — |
| linux-gcp-5.15 | — |
| linux-gcp-5.19 | — |
| linux-gcp-5.3 | Ignored |
| linux-gcp-5.4 | Needs evaluation |
| linux-gcp-5.8 | — |
| linux-gcp-6.2 | — |
| linux-gcp-6.5 | — |
| linux-gcp-6.8 | — |
| linux-gcp-fips | — |
| linux-gke | — |
| linux-gke-4.15 | Ignored |
| linux-gke-5.15 | — |
| linux-gke-5.4 | Ignored |
| linux-gkeop | — |
| linux-gkeop-5.15 | — |
| linux-gkeop-5.4 | Ignored |
| linux-hwe | Ignored |
| linux-hwe-5.11 | — |
| linux-hwe-5.13 | — |
| linux-hwe-5.15 | — |
| linux-hwe-5.19 | — |
| linux-hwe-5.4 | Needs evaluation |
| linux-hwe-5.8 | — |
| linux-hwe-6.2 | — |
| linux-hwe-6.5 | — |
| linux-hwe-6.8 | — |
| linux-hwe-edge | Ignored |
| linux-ibm | — |
| linux-ibm-5.15 | — |
| linux-ibm-5.4 | Needs evaluation |
| linux-intel-5.13 | — |
| linux-intel-iot-realtime | — |
| linux-intel-iotg | — |
| linux-intel-iotg-5.15 | — |
| linux-iot | — |
| linux-kvm | Needs evaluation |
| linux-lowlatency | — |
| linux-lowlatency-hwe-5.15 | — |
| linux-lowlatency-hwe-5.19 | — |
| linux-lowlatency-hwe-6.2 | — |
| linux-lowlatency-hwe-6.5 | — |
| linux-lowlatency-hwe-6.8 | — |
| linux-lts-xenial | — |
| linux-nvidia | — |
| linux-nvidia-6.2 | — |
| linux-nvidia-6.5 | — |
| linux-nvidia-6.8 | — |
| linux-nvidia-lowlatency | — |
| linux-oem | Ignored |
| linux-oem-5.10 | — |
| linux-oem-5.13 | — |
| linux-oem-5.14 | — |
| linux-oem-5.17 | — |
| linux-oem-5.6 | — |
| linux-oem-6.0 | — |
| linux-oem-6.1 | — |
| linux-oem-6.11 | — |
| linux-oem-6.5 | — |
| linux-oem-6.8 | — |
| linux-oracle | Needs evaluation |
| linux-oracle-5.0 | Ignored |
| linux-oracle-5.11 | — |
| linux-oracle-5.13 | — |
| linux-oracle-5.15 | — |
| linux-oracle-5.3 | Ignored |
| linux-oracle-5.4 | Needs evaluation |
| linux-oracle-5.8 | — |
| linux-oracle-6.5 | — |
| linux-oracle-6.8 | — |
| linux-raspi | — |
| linux-raspi-5.4 | Needs evaluation |
| linux-raspi-realtime | — |
| linux-raspi2 | — |
| linux-realtime | — |
| linux-riscv | — |
| linux-riscv-5.11 | — |
| linux-riscv-5.15 | — |
| linux-riscv-5.19 | — |
| linux-riscv-5.8 | — |
| linux-riscv-6.5 | — |
| linux-riscv-6.8 | — |
| linux-starfive-5.19 | — |
| linux-starfive-6.2 | — |
| linux-starfive-6.5 | — |
| linux-xilinx-zynqmp | — |