Max CVSS 7.5 Min CVSS 4.0 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2013-0186 4.3
Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
05-11-2019 - 21:30 01-11-2019 - 19:15
CVE-2014-0081 4.3
Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML
08-08-2019 - 15:42 20-02-2014 - 15:27
CVE-2014-0082 5.0
actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memor
08-08-2019 - 15:42 20-02-2014 - 15:27
CVE-2013-4164 6.8
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute
09-01-2018 - 02:29 23-11-2013 - 19:55
CVE-2014-3642 6.5
vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to gain privileges via unspecified vectors, related to an "insecure send method."
07-10-2014 - 17:22 06-10-2014 - 14:55
CVE-2014-0140 4.0
Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request.
07-10-2014 - 14:56 06-10-2014 - 14:55
CVE-2014-0057 7.5
The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors.
19-03-2014 - 14:03 18-03-2014 - 17:02
Back to Top Mark selected
Back to Top