Max CVSS: 7.5 | Min CVSS: 2.1 | Total Count: 2
ID | CVSS | Summary | Last (major) update | Published
CVE-2012-6496 7.5
SQL injection vulnerability in the Active Record component in Ruby on Rails before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior o
08-08-2019 - 15:42 04-01-2013 - 04:46
CVE-2012-6109 4.3
lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposio
13-08-2018 - 21:47 01-03-2013 - 05:40
CVE-2013-0183 5.0
multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.
13-08-2018 - 21:47 01-03-2013 - 05:40
CVE-2012-5604 4.3
The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when using Active Directory for authentication, allows remote attackers to bypass authentication via unspecified vectors.
12-05-2018 - 01:29 01-03-2013 - 05:40
CVE-2012-5603 5.5
proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "c
29-08-2017 - 01:32 04-01-2013 - 22:55
CVE-2013-0184 4.3
Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitr
31-10-2013 - 03:30 01-03-2013 - 05:40
CVE-2012-5561 2.1
script/katello-generate-passphrase in Katello 1.1 uses world-readable permissions for /etc/katello/secure/passphrase, which allows local users to obtain the passphrase by reading the file.
01-03-2013 - 15:51 01-03-2013 - 05:40
CVE-2013-0162 2.1
The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
01-03-2013 - 05:40 01-03-2013 - 05:40