Max CVSS 7.5 Min CVSS 4.3 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2020-8165 7.5
A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.
17-10-2020 - 12:15 19-06-2020 - 18:15
CVE-2020-15169 4.3
In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpe
09-10-2020 - 21:15 11-09-2020 - 16:15
CVE-2020-8164 5.0
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.
30-09-2020 - 18:15 19-06-2020 - 17:15
CVE-2020-8164 5.0
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.
30-09-2020 - 18:15 19-06-2020 - 17:15
CVE-2020-8165 7.5
A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.
25-09-2020 - 12:15 19-06-2020 - 18:15
CVE-2020-8166 4.3
A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.
25-09-2020 - 12:15 02-07-2020 - 19:15
CVE-2020-8167 4.3
A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.
25-09-2020 - 12:15 19-06-2020 - 18:15
CVE-2020-8162 5.0
A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.
25-09-2020 - 12:15 19-06-2020 - 17:15
CVE-2020-15169 4.3
In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpe
25-09-2020 - 12:15 11-09-2020 - 16:15
CVE-2020-8166 4.3
A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.
25-09-2020 - 12:15 02-07-2020 - 19:15
CVE-2020-8162 5.0
A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.
25-09-2020 - 12:15 19-06-2020 - 17:15
CVE-2020-8167 4.3
A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.
25-09-2020 - 12:15 19-06-2020 - 18:15
Back to Top Mark selected
Back to Top