CVSS: 9.8EPSS: 1%CPEs: 24EXPL: 0CVE-2014-3483 – rubygem-activerecord: SQL injection vulnerability in 'range' quoting
https://notcve.org/view.php?id=CVE-2014-3483
07 Jul 2014 — SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting. Vulnerabilidad de inyección SQL en activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb en el adaptador PostgreSQL para Active Record en Ruby on Rails 4.x anterior a 4.0.7 y 4.1.x anterior a ... • http://openwall.com/lists/oss-security/2014/07/02/5 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 20%CPEs: 39EXPL: 1CVE-2014-0130 – Ruby on Rails Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2014-0130
07 May 2014 — Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request. Vulnerabilidad de salto de directorio en actionpack/lib/abstract_controller/base.rb en la implementación implicit-render en Ruby on Rails anterior a 3.2.18, 4.0.x anterior a 4.0.5 y 4.1.x ant... • https://github.com/omarkurt/cve-2014-0130 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 0%CPEs: 11EXPL: 0CVE-2014-0080
https://notcve.org/view.php?id=CVE-2014-0080
20 Feb 2014 — SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ (backslash) characters that are not properly handled in operations on array columns. Vulnerabilidad de inyección SQL en activerecord/lib/active_record/connection_adapters/postgresql/cast.rb en Active Record en Ruby on Rails 4.0.x an... • http://openwall.com/lists/oss-security/2014/02/18/9 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 186EXPL: 0CVE-2014-0081 – rubygem-actionpack: number_to_currency, number_to_percentage and number_to_human XSS vulnerability
https://notcve.org/view.php?id=CVE-2014-0081
20 Feb 2014 — Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper. Múltiples vulnerabilidades de XSS en actionview/lib/action_view/helpers/number_helper.rb en Ruby on Rails ante... • http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •