Max CVSS | 7.5 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2012-1988 | 6.0 |
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute ar
|
02-02-2024 - 15:14 | 29-05-2012 - 20:55 | |
CVE-2013-0162 | 2.1 |
The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
|
13-02-2023 - 04:38 | 01-03-2013 - 05:40 | |
CVE-2013-0183 | 5.0 |
multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.
|
13-02-2023 - 04:38 | 01-03-2013 - 05:40 | |
CVE-2013-0184 | 4.3 |
Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitr
|
13-02-2023 - 04:38 | 01-03-2013 - 05:40 | |
CVE-2012-6109 | 4.3 |
lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposio
|
13-02-2023 - 00:27 | 01-03-2013 - 05:40 | |
CVE-2012-3465 | 4.3 |
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web scri
|
08-08-2019 - 15:42 | 10-08-2012 - 10:34 | |
CVE-2012-3424 | 5.0 |
The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attac
|
08-08-2019 - 15:42 | 08-08-2012 - 10:26 | |
CVE-2012-3463 | 4.3 |
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the pr
|
08-08-2019 - 15:42 | 10-08-2012 - 10:34 | |
CVE-2012-3464 | 4.3 |
Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HT
|
08-08-2019 - 15:42 | 10-08-2012 - 10:34 | |
CVE-2012-2660 | 6.4 |
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which a
|
08-08-2019 - 15:42 | 22-06-2012 - 14:55 | |
CVE-2012-2694 | 4.3 |
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which a
|
08-08-2019 - 15:42 | 22-06-2012 - 14:55 | |
CVE-2012-2661 | 5.0 |
The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct
|
08-08-2019 - 15:42 | 22-06-2012 - 14:55 | |
CVE-2012-2695 | 7.5 |
The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certai
|
08-08-2019 - 15:42 | 22-06-2012 - 14:55 | |
CVE-2012-1986 | 2.1 |
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbi
|
11-07-2019 - 15:09 | 29-05-2012 - 20:55 | |
CVE-2012-1987 | 3.5 |
Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (m
|
11-07-2019 - 15:09 | 29-05-2012 - 20:55 | |
CVE-2012-3867 | 4.3 |
lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it eas
|
10-07-2019 - 18:02 | 06-08-2012 - 16:55 | |
CVE-2012-3865 | 3.5 |
Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on
|
10-07-2019 - 18:02 | 06-08-2012 - 16:55 | |
CVE-2012-3864 | 4.0 |
Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request.
|
10-07-2019 - 18:02 | 06-08-2012 - 16:55 | |
CVE-2012-5603 | 5.5 |
proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "c
|
29-08-2017 - 01:32 | 04-01-2013 - 22:55 | |
CVE-2012-2139 | 5.0 |
Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter.
|
07-10-2013 - 16:18 | 18-07-2012 - 18:55 | |
CVE-2012-5561 | 2.1 |
script/katello-generate-passphrase in Katello 1.1 uses world-readable permissions for /etc/katello/secure/passphrase, which allows local users to obtain the passphrase by reading the file.
|
01-03-2013 - 15:51 | 01-03-2013 - 05:40 | |
CVE-2012-2140 | 7.5 |
The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.
|
30-10-2012 - 04:03 | 18-07-2012 - 18:55 |