Max CVSS | 7.5 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published |
CVE-2012-1988 | 6.0 | Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute ar | 02-02-2024 - 15:14 | 29-05-2012 - 20:55 |
CVE-2012-3465 | 4.3 | Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web scri | 08-08-2019 - 15:42 | 10-08-2012 - 10:34 |
CVE-2012-3424 | 5.0 | The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attac | 08-08-2019 - 15:42 | 08-08-2012 - 10:26 |
CVE-2012-3463 | 4.3 | Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the pr | 08-08-2019 - 15:42 | 10-08-2012 - 10:34 |
CVE-2012-3464 | 4.3 | Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HT | 08-08-2019 - 15:42 | 10-08-2012 - 10:34 |
CVE-2012-2660 | 6.4 | actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which a | 08-08-2019 - 15:42 | 22-06-2012 - 14:55 |
CVE-2012-2694 | 4.3 | actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which a | 08-08-2019 - 15:42 | 22-06-2012 - 14:55 |
CVE-2012-2661 | 5.0 | The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct | 08-08-2019 - 15:42 | 22-06-2012 - 14:55 |
CVE-2012-2695 | 7.5 | The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certai | 08-08-2019 - 15:42 | 22-06-2012 - 14:55 |
CVE-2012-1986 | 2.1 | Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbi | 11-07-2019 - 15:09 | 29-05-2012 - 20:55 |
CVE-2012-1987 | 3.5 | Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (m | 11-07-2019 - 15:09 | 29-05-2012 - 20:55 |
CVE-2012-3867 | 4.3 | lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it eas | 10-07-2019 - 18:02 | 06-08-2012 - 16:55 |
CVE-2012-3865 | 3.5 | Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on | 10-07-2019 - 18:02 | 06-08-2012 - 16:55 |
CVE-2012-3864 | 4.0 | Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request. | 10-07-2019 - 18:02 | 06-08-2012 - 16:55 |
CVE-2012-2139 | 5.0 | Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter. | 07-10-2013 - 16:18 | 18-07-2012 - 18:55 |
CVE-2012-2140 | 7.5 | The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery. | 30-10-2012 - 04:03 | 18-07-2012 - 18:55 |