Max CVSS 7.5 Min CVSS 2.7 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2019-10328 6.5
Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.
25-10-2023 - 18:16 31-05-2019 - 15:29
CVE-2018-16889 5.0
Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable.
13-02-2023 - 04:52 28-01-2019 - 14:29
CVE-2013-4492 4.3
Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call.
13-02-2023 - 04:47 07-12-2013 - 00:55
CVE-2017-15137 5.0
The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed.
12-02-2023 - 23:28 16-07-2018 - 20:29
CVE-2017-12191 7.5
A flaw was found in the CloudForms account configuration when using VMware. By default, a shared account is used that has privileged access to VMRC (VMWare Remote Console) functions that may not be appropriate for users of CloudForms (and thus this a
12-02-2023 - 23:28 28-02-2018 - 13:29
CVE-2018-3741 4.3
There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes ca
30-01-2023 - 16:10 30-03-2018 - 19:29
CVE-2018-14662 2.7
It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.
19-04-2022 - 15:42 15-01-2019 - 21:29
CVE-2018-16846 4.0
It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.
19-04-2022 - 15:42 15-01-2019 - 18:29
CVE-2012-6685 5.0
Nokogiri before 1.5.4 is vulnerable to XXE attacks
25-02-2020 - 18:35 19-02-2020 - 15:15
CVE-2018-8048 4.3
In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.
22-11-2019 - 09:15 27-03-2018 - 17:29
CVE-2017-15125 3.5
A flaw was found in CloudForms before 5.9.0.22 in the self-service UI snapshot feature where the name field is not properly sanitized for HTML and JavaScript input. An attacker could use this flaw to execute a stored XSS attack on an application admi
09-10-2019 - 23:24 27-07-2018 - 15:29
CVE-2017-15138 4.0
The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens.
09-10-2019 - 23:24 13-08-2018 - 17:29
CVE-2018-11627 4.3
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.
26-02-2019 - 15:03 31-05-2018 - 19:29
Back to Top Mark selected
Back to Top