FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
748aa89f-d529-11e1-82ab-001fd0af1a4c	rubygem-activerecord -- multiple vulnerabilities rubygem-activerecord -- multiple vulernabilities Due to the way Active Record interprets parameters in combination with the way that Rack parses query parameters, it is possible for an attacker to issue unexpected database queries with "IS NULL" where clauses. This issue does not let an attacker insert arbitrary values into an SQL query, however they can cause the query to check for NULL where most users wouldn't expect it. Due to the way Active Record handles nested query parameters, an attacker can use a specially crafted request to inject some forms of SQL into your application's SQL queries. Discovery 2012-05-31 Entry 2012-07-23 Modified 2012-07-23 rubygem-activemodel < 3.2.4 CVE-2012-2660 CVE-2012-2661 https://groups.google.com/forum/?fromgroups#!topic/rubyonrails-security/8SA-M3as7A8 https://groups.google.com/forum/?fromgroups#!topic/rubyonrails-security/dUaiOOGWL1k
6a806960-3016-44ed-8575-8614a7cb57c7	rails -- multiple vulnerabilities Rails weblog: Rails 3.2.16 and 4.0.2 have been released! These two releases contain important security fixes, so please upgrade as soon as possible! In order to make upgrading as smooth as possible, we've only included commits directly related to each security issue. The security fixes in 3.2.16 are: CVE-2013-4491 CVE-2013-6414 CVE-2013-6415 CVE-2013-6417 The security fixes in 4.0.2 are: CVE-2013-4491 CVE-2013-6414 CVE-2013-6415 CVE-2013-6416 CVE-2013-6417 Discovery 2013-12-03 Entry 2013-12-08 Modified 2014-04-23 rubygem-actionmailer < 3.2.16 rubygem-actionpack < 3.2.16 rubygem-activemodel < 3.2.16 rubygem-activerecord < 3.2.16 rubygem-activeresource < 3.2.16 rubygem-activesupport < 3.2.16 rubygem-rails < 3.2.16 rubygem-railties < 3.2.16 rubygem-actionpack4 < 4.0.2 rubygem-activesupport4 < 4.0.2 CVE-2013-4491 CVE-2013-6414 CVE-2013-6415 CVE-2013-6416 CVE-2013-6417 http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/

VuXML ID

Description

748aa89f-d529-11e1-82ab-001fd0af1a4c

rubygem-activerecord -- multiple vulnerabilities

rubygem-activerecord -- multiple vulernabilities

Discovery 2012-05-31
Entry 2012-07-23
Modified 2012-07-23
rubygem-activemodel

CVE-2012-2660
CVE-2012-2661
https://groups.google.com/forum/?fromgroups#!topic/rubyonrails-security/8SA-M3as7A8
https://groups.google.com/forum/?fromgroups#!topic/rubyonrails-security/dUaiOOGWL1k

6a806960-3016-44ed-8575-8614a7cb57c7

rails -- multiple vulnerabilities

Rails weblog:

Discovery 2013-12-03
Entry 2013-12-08
Modified 2014-04-23
rubygem-actionmailer

rubygem-actionpack

rubygem-activemodel

rubygem-activerecord

rubygem-activeresource

rubygem-activesupport

rubygem-rails

rubygem-railties

rubygem-actionpack4

rubygem-activesupport4

CVE-2013-4491
CVE-2013-6414
CVE-2013-6415
CVE-2013-6416
CVE-2013-6417
http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/