CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2170 matches found

CNVD•added 2017/07/27 12:0 a.m.•1 views

Foreman rubygem-safemode security bypass vulnerability

Foreman is a set of lifecycle management tools for use in physical and virtual servers. The tool provides features such as service provisioning, configuration management, and status reporting. A security vulnerability exists in rubygem-safemode in Foreman 1.3.2 and earlier versions. An attacker c...

9.8CVSS6.8AI score0.00289EPSS

Exploits0References1

Tenable Nessus•added 2017/07/27 12:0 a.m.•19 views

Fedora 25 : rubygem-rack-cors (2017-c22a8af4e9)

Security fix for CVE-2017-11173, new upstream version Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

8.8CVSS7.8AI score0.0175EPSS

Exploits0References2

Tenable Nessus•added 2017/07/26 12:0 a.m.•47 views

openSUSE Security Update : rubygem-puppet (openSUSE-2017-835)

This update for rubygem-puppet fixes the following issues : - CVE-2017-2295: A remote attacker could have forced unsafe YAML deserialization which could have led to code execution bsc1040151 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugi...

8.2CVSS7AI score0.01449EPSS

Exploits0References2

OPENSUSE Linux•added 2017/07/25 12:11 a.m.•75 views

Security update for rubygem-puppet (important)

This update for rubygem-puppet fixes the following issues: - CVE-2017-2295: A remote attacker could have forced unsafe YAML deserialization which could have led to code execution bsc1040151...

6CVSS3.3AI score0.01449EPSS

Exploits0References1

OpenVAS•added 2017/07/25 12:0 a.m.•26 views

openSUSE: Security Advisory for rubygem-puppet (openSUSE-SU-2017:1948-1)

The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.2CVSS8.3AI score0.01449EPSS

Exploits0References1

OpenVAS•added 2017/07/25 12:0 a.m.•19 views

Fedora Update for rubygem-rack-cors FEDORA-2017-c22a8af4e9

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.8AI score0.0175EPSS

Exploits0References2

OSV•added 2017/07/21 10:29 p.m.•6 views

CVE-2017-7540

rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege escalation...

9.8CVSS7.5AI score

Exploits0References1

NVD•added 2017/07/21 10:29 p.m.•5 views

CVE-2017-7540

9.8CVSS9.7AI score0.00289EPSS

Exploits0References1

Prion•added 2017/07/21 10:29 p.m.•6 views

Privilege escalation

7.5CVSS9.7AI score0.00289EPSS

Exploits0References1Affected Software1

CVE•added 2017/07/21 10:0 p.m.•67 views

CVE-2017-7540

The CVE-2017-7540 entry concerns rubygem-safemode used by Foreman up to v1.3.2. Concrete details in connected documents indicate a bypass of safe mode restrictions via special Ruby syntax, allowing deletion of objects without delete permissions and potential privilege escalation. Affected compone...

9.8CVSS9.7AI score0.00289EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2017/07/20 10:19 a.m.•11 views

CVE-2017-7540

9.8CVSS4.9AI score0.00289EPSS

Exploits0References1

OSV•added 2017/05/16 1:42 p.m.•5 views

SUSE-SU-2017:1316-1 Security update for rubygem-passenger

This update for rubygem-passenger fixes this security issue: - CVE-2016-10345: A known /tmp filename was used during passenger-install-nginx-module execution, which could have allowed local attackers to gain the privileges of the passenger user bsc1034594...

7.8CVSS7.7AI score0.00064EPSS

Exploits0References3

Tenable Nessus•added 2017/02/10 12:0 a.m.•39 views

openSUSE Security Update : rubygem-minitar (openSUSE-2017-231)

This update for rubygem-minitar fixes the following issues : - CVE-2016-10173: Fixed a directory traversal vulnerability in rubygem-minitar, rubygem-archive-tar-minitar. boo1021740 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

7.5CVSS7.1AI score0.02922EPSS

Exploits1References2

OSV•added 2016/12/12 8:35 a.m.•10 views

SUSE-SU-2016:3084-1 Security update for Docker and dependencies

This update for Docker and its dependencies fixes the following issues: - fix runc and containerd revisions bsc1009961 docker: - Updates version 1.11.2 to 1.12.3 bsc1004490, bsc996015, bsc995058 - Fix ambient capability usage in containers bsc1007249, CVE-2016-8867 - Change the internal mountpoin...

7.5CVSS8AI score0.00395EPSS

Exploits0References17

OpenVAS•added 2016/12/07 12:0 a.m.•28 views

Fedora Update for rubygem-actionmailer FEDORA-2016-5760339e76

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.5AI score0.01626EPSS

Exploits2References2

OpenVAS•added 2016/12/07 12:0 a.m.•31 views

Fedora Update for rubygem-activesupport FEDORA-2016-5760339e76

7.5CVSS6.5AI score0.01626EPSS

Exploits2References2

OpenVAS•added 2016/12/07 12:0 a.m.•29 views

Fedora Update for rubygem-activerecord FEDORA-2016-5760339e76

7.5CVSS6.5AI score0.01626EPSS

Exploits2References2

OpenVAS•added 2016/12/07 12:0 a.m.•30 views

Fedora Update for rubygem-actionpack FEDORA-2016-5760339e76