Filtered by vendor Cloudforms Cloudengine Subscriptions
Total 28 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2012-1987 3 Cloudforms Cloudengine, Puppet, Puppetlabs 5 1, Puppet, Puppet Enterprise and 2 more 2024-08-06 N/A
Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations.
CVE-2013-0333 4 Cloudforms Cloudengine, Redhat, Rhel Sam and 1 more 5 1, Openshift, 1.1 and 2 more 2024-08-06 N/A
lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156.
CVE-2013-0256 5 Canonical, Cloudforms Cloudengine, Redhat and 2 more 6 Ubuntu Linux, 1, Openshift and 3 more 2024-08-06 N/A
darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.
CVE-2013-0155 5 Cloudforms Cloudengine, Debian, Redhat and 2 more 6 1, Debian Linux, Openshift and 3 more 2024-08-06 N/A
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660 and CVE-2012-2694.
CVE-2013-0156 5 Cloudforms Cloudengine, Debian, Redhat and 2 more 6 1, Debian Linux, Openshift and 3 more 2024-08-06 N/A
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion.
CVE-2013-0183 3 Cloudforms Cloudengine, Rack Project, Rhel Sam 3 1, Rack, 1.2 2024-08-06 N/A
multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.
CVE-2013-0162 4 Cloudforms Cloudengine, Redhat, Rhel Sam and 1 more 4 1, Openshift, 1.2 and 1 more 2024-08-06 N/A
The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
CVE-2013-0184 3 Cloudforms Cloudengine, Rack Project, Rhel Sam 3 1, Rack, 1.2 2024-08-06 N/A
Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings."