Max CVSS 8.5 Min CVSS 2.1 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2013-4492 4.3
Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call.
04-05-2021 - 09:08 07-12-2013 - 00:55
CVE-2013-4423 2.1
CloudForms stores user passwords in recoverable format
06-11-2019 - 16:48 04-11-2019 - 13:15
CVE-2013-4389 4.3
Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly
08-08-2019 - 15:42 17-10-2013 - 00:55
CVE-2014-7819 5.0
Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.
18-12-2018 - 17:27 08-11-2014 - 11:55
CVE-2013-0185 6.8
Cross-site request forgery (CSRF) vulnerability in ManageIQ Enterprise Virtualization Manager (EVM) allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.
13-06-2018 - 14:13 01-05-2018 - 19:29
CVE-2013-2049 5.0
Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session tampering attacks by leveraging use of a static secret_token.rb secret.
13-06-2018 - 14:11 01-05-2018 - 19:29
CVE-2013-1900 8.5
PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors relat
20-10-2017 - 01:29 04-04-2013 - 17:55
CVE-2013-2050 7.5
SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the
29-08-2017 - 01:33 11-01-2014 - 01:55
CVE-2015-1820 7.5
REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect.
21-08-2017 - 16:34 09-08-2017 - 18:29
CVE-2015-3448 2.1
REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.
06-12-2016 - 03:01 29-04-2015 - 20:59
CVE-2014-3642 6.5
vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to gain privileges via unspecified vectors, related to an "insecure send method."
07-10-2014 - 17:22 06-10-2014 - 14:55
CVE-2014-0140 4.0
Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request.
07-10-2014 - 14:56 06-10-2014 - 14:55
CVE-2013-1899 6.5
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration setti
01-12-2013 - 04:27 04-04-2013 - 17:55
CVE-2013-1901 4.0
PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions. Pe
01-12-2013 - 04:27 04-04-2013 - 17:55
CVE-2013-4172 8.5
The Red Hat CloudForms Management Engine 5.1 allow remote administrators to execute arbitrary Ruby code via unspecified vectors.
27-08-2013 - 13:51 23-08-2013 - 16:55
Back to Top Mark selected
Back to Top