Search CVE reports
281 – 290 of 48160 results
bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt() password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. ...
1 affected package
bcrypt
| Package | 16.04 LTS |
|---|---|
| bcrypt | Needs evaluation |
Freeciv21 is a free open source, turn-based, empire-building strategy game. Versions prior to 3.1.1 crash with a stack overflow when receiving specially-crafted packets. A remote attacker can use this to take down any public...
1 affected package
freeciv
| Package | 16.04 LTS |
|---|---|
| freeciv | Needs evaluation |
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's `DiskService#delete_prefixed` passes blob keys directly to `Dir.glob` without...
1 affected package
rails
| Package | 16.04 LTS |
|---|---|
| rails | Needs evaluation |
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's `DiskService#path_for` does not validate that the resolved filesystem path...
1 affected package
rails
| Package | 16.04 LTS |
|---|---|
| rails | Needs evaluation |
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept strings containing...
1 affected package
rails
| Package | 16.04 LTS |
|---|---|
| rails | Needs evaluation |
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when serving files through Active Storage's proxy delivery mode, the proxy controller loads the...
1 affected package
rails
| Package | 16.04 LTS |
|---|---|
| rails | Needs evaluation |
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, `DirectUploadsController` accepts arbitrary metadata from the client and persists it on the blob....
1 affected package
rails
| Package | 16.04 LTS |
|---|---|
| rails | Needs evaluation |
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, `SafeBuffer#%` does not propagate the `@html_unsafe` flag to the newly...
1 affected package
rails
| Package | 16.04 LTS |
|---|---|
| rails | Needs evaluation |
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. `NumberToDelimitedConverter` uses a lookahead-based regular expression with `gsub!` to insert thousands delimiters....
1 affected package
rails
| Package | 16.04 LTS |
|---|---|
| rails | Needs evaluation |
Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when a blank string is used as an HTML attribute name in Action View tag helpers, the...
1 affected package
rails
| Package | 16.04 LTS |
|---|---|
| rails | Needs evaluation |