Total
30485 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2012-2639 | 2023-11-07 | N/A | ||
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4940. Reason: This candidate is a reservation duplicate of CVE-2011-4940. Notes: All CVE users should reference CVE-2011-4940 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | ||||
CVE-2007-5317 | 2023-11-07 | N/A | ||
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-5292. Reason: This candidate is a duplicate of CVE-2007-5292. Notes: All CVE users should reference CVE-2007-5292 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | ||||
CVE-2023-28362 | 1 Redhat | 1 Satellite | 2023-06-27 | 4.7 Medium |
A Cross-site Scripting (XSS) vulnerability was found in Actionpack due to improper sanitization of user-supplied values. This allows provided values to contain characters that are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned location header. | ||||
CVE-2023-23913 | 2023-03-20 | 7.5 High | ||
A flaw was found in Rails. rails-ujs may allow an attacker to perform Cross-Site Scripting (XSS), which could lead to stolen information, phishing attacks, and other types of attacks. | ||||
CVE-2023-28120 | 1 Redhat | 1 Logging | 2023-03-15 | 6.1 Medium |
A Cross-Site-Scripting vulnerability was found in rubygem ActiveSupport. If the new bytesplice method is called on a SafeBuffer with untrusted user input, malicious code could be executed. |