Filtered by vendor Redhat
Subscriptions
Filtered by product Openshift
Subscriptions
Total
1104 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-3463 | 4 Cloudforms Cloudengine, Redhat, Rhel Sam and 1 more | 5 1, Openshift, 1.1 and 2 more | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the prompt field to the select_tag helper. | ||||
| CVE-2013-0162 | 4 Cloudforms Cloudengine, Redhat, Rhel Sam and 1 more | 4 1, Openshift, 1.2 and 1 more | 2025-04-11 | N/A |
| The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp. | ||||
| CVE-2014-1869 | 2 Redhat, Zeroclipboard Project | 2 Openshift, Zeroclipboard | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters). | ||||
| CVE-2012-3424 | 4 Cloudforms Cloudengine, Redhat, Rhel Sam and 1 more | 5 1, Openshift, 1.1 and 2 more | 2025-04-11 | N/A |
| The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a with_http_digest helper method, as demonstrated by the authenticate_or_request_with_http_digest method. | ||||
| CVE-2013-4152 | 3 Redhat, Springsource, Vmware | 6 Jboss Amq, Jboss Enterprise Soa Platform, Jboss Fuse and 3 more | 2025-04-11 | N/A |
| The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue. | ||||
| CVE-2012-4522 | 2 Redhat, Ruby-lang | 3 Enterprise Linux, Openshift, Ruby | 2025-04-11 | N/A |
| The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path. | ||||
| CVE-2013-2186 | 2 Redhat, Ubuntu | 7 Jboss Enterprise Brms Platform, Jboss Enterprise Portal Platform, Jboss Enterprise Soa Platform and 4 more | 2025-04-11 | N/A |
| The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance. | ||||
| CVE-2013-0156 | 5 Cloudforms Cloudengine, Debian, Redhat and 2 more | 6 1, Debian Linux, Openshift and 3 more | 2025-04-11 | N/A |
| active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion. | ||||
| CVE-2013-2175 | 4 Canonical, Debian, Haproxy and 1 more | 6 Ubuntu Linux, Debian Linux, Haproxy and 3 more | 2025-04-11 | N/A |
| HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable. | ||||
| CVE-2012-6496 | 4 Cloudforms Cloudengine, Redhat, Rhel Sam and 1 more | 5 1, Openshift, 1.1 and 2 more | 2025-04-11 | N/A |
| SQL injection vulnerability in the Active Record component in Ruby on Rails before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use unexpected data types in certain find_by_ method calls. | ||||
| CVE-2013-4287 | 3 Redhat, Ruby-lang, Rubygems | 7 Enterprise Linux, Enterprise Mrg, Openshift and 4 more | 2025-04-11 | N/A |
| Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. | ||||
| CVE-2013-2035 | 1 Redhat | 12 Fuse Mq Enterprise, Hawtjni, Jboss Amq and 9 more | 2025-04-11 | N/A |
| Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp. | ||||
| CVE-2013-0269 | 3 Redhat, Rhel Sam, Rubygems | 6 Fuse Esb Enterprise, Jboss Enterprise Soa Platform, Jboss Fuse and 3 more | 2025-04-11 | N/A |
| The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka "Unsafe Object Creation Vulnerability." | ||||
| CVE-2012-2695 | 4 Cloudforms Cloudengine, Redhat, Rhel Sam and 1 more | 5 1, Openshift, 1.1 and 2 more | 2025-04-11 | N/A |
| The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661. | ||||
| CVE-2013-1808 | 2 Redhat, Zeroclipboard Project | 2 Openshift, Zeroclipboard | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this is might be the same vulnerability as CVE-2013-1463. If so, it is likely that CVE-2013-1463 will be REJECTed. | ||||
| CVE-2012-6074 | 3 Cloudbees, Jenkins, Redhat | 3 Jenkins, Jenkins, Openshift | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-5371 | 2 Redhat, Ruby-lang | 2 Openshift, Ruby | 2025-04-11 | N/A |
| Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815. | ||||
| CVE-2013-1912 | 2 Haproxy, Redhat | 3 Haproxy, Enterprise Linux, Openshift | 2025-04-11 | N/A |
| Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted pipelined HTTP requests that prevent request realignment from occurring. | ||||
| CVE-2013-1857 | 3 Redhat, Rhel Sam, Rubyonrails | 5 Enterprise Linux, Openshift, 1.4 and 2 more | 2025-04-11 | N/A |
| The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by including a : sequence. | ||||
| CVE-2012-6073 | 3 Cloudbees, Jenkins, Redhat | 3 Jenkins, Jenkins, Openshift | 2025-04-11 | N/A |
| Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||