Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
subscription asset manager vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-6116
modules/certs/manifests/config.pp in katello-configure prior to 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.
Katello Katello -
Katello Katello-configure
NA
CVE-2012-5561
script/katello-generate-passphrase in Katello 1.1 uses world-readable permissions for /etc/katello/secure/passphrase, which allows local users to obtain the passphrase by reading the file.
Katello Katello 1.1
NA
CVE-2013-0256
darkfish.js in RDoc 2.3.0 up to and including 3.12 and 4.x prior to 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via a crafted URL.
Ruby-lang Rdoc
Ruby-lang Rdoc 4.0.0
Ruby-lang Ruby 1.9
Ruby-lang Ruby 1.9.1
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 2.0
Ruby-lang Ruby 2.0.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 12.10
NA
CVE-2013-0162
The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and previous versions for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
Ryan Davis Ruby Parser 2.2.0
Ryan Davis Ruby Parser 3.0.0.a6
Ryan Davis Ruby Parser 3.0.4
Ryan Davis Ruby Parser 3.0.0.a7
Ryan Davis Ruby Parser 3.0.1
Ryan Davis Ruby Parser 3.0.0
Ryan Davis Ruby Parser 3.0.0.a8
Ryan Davis Ruby Parser 3.0.0.a2
Ryan Davis Ruby Parser 2.0.1
Ryan Davis Ruby Parser 2.3.1
Ryan Davis Ruby Parser 3.0.0.a5
Ryan Davis Ruby Parser 3.0.0.a3
Ryan Davis Ruby Parser 2.0.3
Ryan Davis Ruby Parser 3.0.3
Ryan Davis Ruby Parser 2.0.6
Ryan Davis Ruby Parser 1.0.0
Ryan Davis Ruby Parser 3.0.2
Ryan Davis Ruby Parser 3.0.0.a9
Ryan Davis Ruby Parser 2.3.0
Ryan Davis Ruby Parser 3.0.0.a10
Ryan Davis Ruby Parser
Ryan Davis Ruby Parser 2.0.0
NA
CVE-2013-0269
The JSON gem prior to 1.5.5, 1.6.x prior to 1.6.8, and 1.7.x prior to 1.7.7 for Ruby allows remote malicious users to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbi...
Rubygems Json Gem 1.7.1
Rubygems Json Gem 1.7.0
Rubygems Json Gem 1.6.1
Rubygems Json Gem 1.6.0
Rubygems Json Gem 1.7.6
Rubygems Json Gem 1.7.5
Rubygems Json Gem 1.6.5
Rubygems Json Gem 1.6.4
Rubygems Json Gem 1.5.2
Rubygems Json Gem 1.5.1
Rubygems Json Gem 1.7.4
Rubygems Json Gem 1.7.3
Rubygems Json Gem 1.7.2
Rubygems Json Gem 1.6.3
Rubygems Json Gem 1.6.2
Rubygems Json Gem 1.5.0
Rubygems Json Gem 1.6.7
Rubygems Json Gem 1.6.6
Rubygems Json Gem 1.5.4
Rubygems Json Gem 1.5.3
1 Github repository
NA
CVE-2013-0276
ActiveRecord in Ruby on Rails prior to 2.3.17, 3.1.x prior to 3.1.11, and 3.2.x prior to 3.2.12 allows remote malicious users to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request.
Rubyonrails Rails 3.2.7
Rubyonrails Rails 3.2.9
Rubyonrails Rails 3.2.3
Rubyonrails Rails 3.2.11
Rubyonrails Rails 3.2.8
Rubyonrails Rails 3.2.4
Rubyonrails Rails 3.2.6
Rubyonrails Rails 3.2.5
Rubyonrails Rails 3.2.0
Rubyonrails Rails 3.2.1
Rubyonrails Rails 3.2.2
Rubyonrails Rails 3.2.10
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.3
Rubyonrails Rails 3.1.1
Rubyonrails Rails 3.1.4
Rubyonrails Rails 3.1.5
Rubyonrails Rails 3.1.2
Rubyonrails Rails 3.1.6
Rubyonrails Rails 3.1.9
Rubyonrails Rails 3.1.8
Rubyonrails Rails 3.1.7
3 Github repositories
NA
CVE-2013-0263
Rack::Session::Cookie in Rack 1.5.x prior to 1.5.2, 1.4.x prior to 1.4.5, 1.3.x prior to 1.3.10, 1.2.x prior to 1.2.8, and 1.1.x prior to 1.1.6 allows remote malicious users to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an ...
Rack Project Rack 1.5.1
Rack Project Rack 1.5.0
Rack Project Rack 1.4.4
Rack Project Rack 1.4.2
Rack Project Rack 1.4.3
Rack Project Rack 1.4.0
Rack Project Rack 1.4.1
Rack Project Rack 1.3.1
Rack Project Rack 1.3.7
Rack Project Rack 1.3.8
Rack Project Rack 1.3.2
Rack Project Rack 1.3.5
Rack Project Rack 1.3.9
Rack Project Rack 1.3.6
Rack Project Rack 1.3.0
Rack Project Rack 1.3.4
Rack Project Rack 1.3.3
Rack Project Rack 1.2.6
Rack Project Rack 1.2.3
Rack Project Rack 1.2.0
Rack Project Rack 1.2.7
Rack Project Rack 1.2.1
4 Github repositories
NA
CVE-2012-5603
proxies_controller.rb in Katello in Red Hat CloudForms prior to 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "consumer UUID"...
Redhat Cloudforms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2