Package details: pkg:rpm/redhat/cfme-vnc-plugin@1.0.0-2?arch=el6cf
purl pkg:rpm/redhat/cfme-vnc-plugin@1.0.0-2?arch=el6cf
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 10.0
Vulnerabilities affecting this package (15)
Vulnerability Summary Fixed by
VCID-23ur-7nqb-tybr
Aliases:
CVE-2013-0185
EVM: CSRF There are no reported fixed by versions.
VCID-5sfa-s7xw-cyeg
Aliases:
CVE-2014-0140
CFME: default routes expose controllers and actions There are no reported fixed by versions.
VCID-65ha-wgr4-eqd4
Aliases:
CVE-2013-4492
GHSA-r5hc-9xx5-97rw
Reflective XSS Vulnerability: When a translation is missing, the HTML exception message raised does not escape the keys. Under certain common configurations this string can contain user input which would allow an attacker to execute a reflective XSS attack. There are no reported fixed by versions.
VCID-a8g4-d3m8-uub1
Aliases:
CVE-2013-4423
CloudForms: user password stored in recoverable format There are no reported fixed by versions.
VCID-e3j5-xgbr-2qa1
Aliases:
CVE-2013-4389
GHSA-rg5m-3fqp-6px8
OSV-98629
Possible DoS Vulnerability: A carefully crafted email address in conjunction with the Action Mailer logger format string could take advantage of a bug in Ruby's sprintf implementation and possibly lead to a denial of service attack. Impacted Ruby code will look something like this: `"some string #{user_input}" % some_number` There are no reported fixed by versions.
VCID-g4tm-8zhw-a7hn
Aliases:
CVE-2013-1900
Random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess. There are no reported fixed by versions.
VCID-g8de-56gr-37cf
Aliases:
CVE-2014-7819
GHSA-33pp-3763-mrfp
OSV-113965
Arbitrary file existence disclosure: Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside an application's root directory. The files will not be served, but attackers can determine whether the file exists. There are no reported fixed by versions.
VCID-jggb-58ap-ybab
Aliases:
CVE-2015-3448
GHSA-mx9f-w8qq-q5jf
Log Plaintext Password Local Disclosure: REST Client for Ruby contains a flaw that is due to the application logging password information in plaintext. This may allow a local attacker to gain access to password information. There are no reported fixed by versions.
VCID-krve-mwjb-93at
Aliases:
CVE-2013-4172
interface: Ruby code injection There are no reported fixed by versions.
VCID-m86x-54rz-2uat
Aliases:
CVE-2013-2050
2: miq_policy/explorer SQL injection There are no reported fixed by versions.
VCID-n3ka-63rx-5fgk
Aliases:
CVE-2013-1899
A connection request containing a database name that begins with "-" may be crafted to damage or destroy files within a server's data directory. There are no reported fixed by versions.
VCID-skb5-eeak-v7hz
Aliases:
CVE-2013-1901
An unprivileged user can run commands that could interfere with in-progress backups. There are no reported fixed by versions.
VCID-ueq8-4dv4-eubu
Aliases:
CVE-2013-2049
2: static secret_token.rb value There are no reported fixed by versions.
VCID-vhdm-w6p1-uuh9
Aliases:
CVE-2015-1820
GHSA-3fhf-6939-qg8p
OSV-119878
Session fixation vulnerability via Set-Cookie headers: The package rest-client in `abstract_response.rb` improperly handles `Set-Cookie` headers on HTTP redirection responses. Any cookies will be forwarded to the redirection target regardless of domain, path, or expiration. If you control a redirection source, you can cause rest-client to perform a request to any third-party domain with cookies of your choosing, which may be useful in performing a session fixation attack. If you control a redirection target, you can steal any cookies set by the third-party redirection request. There are no reported fixed by versions.
VCID-wyku-upny-vuhk
Aliases:
CVE-2014-3642
CFME: dangerous send method in performance.rb There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:51:59.654723+00:00 RedHat Importer Affected by VCID-skb5-eeak-v7hz https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1901.json 38.0.0
2026-04-01T14:51:57.731043+00:00 RedHat Importer Affected by VCID-g4tm-8zhw-a7hn https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1900.json 38.0.0
2026-04-01T14:51:55.188301+00:00 RedHat Importer Affected by VCID-n3ka-63rx-5fgk https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1899.json 38.0.0
2026-04-01T14:50:18.775312+00:00 RedHat Importer Affected by VCID-krve-mwjb-93at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4172.json 38.0.0
2026-04-01T14:49:45.777224+00:00 RedHat Importer Affected by VCID-e3j5-xgbr-2qa1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4389.json 38.0.0
2026-04-01T14:49:37.386390+00:00 RedHat Importer Affected by VCID-m86x-54rz-2uat https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2050.json 38.0.0
2026-04-01T14:49:35.047007+00:00 RedHat Importer Affected by VCID-ueq8-4dv4-eubu https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2049.json 38.0.0
2026-04-01T14:49:32.950797+00:00 RedHat Importer Affected by VCID-23ur-7nqb-tybr https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0185.json 38.0.0
2026-04-01T14:49:30.339304+00:00 RedHat Importer Affected by VCID-a8g4-d3m8-uub1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4423.json 38.0.0
2026-04-01T14:49:18.290258+00:00 RedHat Importer Affected by VCID-65ha-wgr4-eqd4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4492.json 38.0.0
2026-04-01T14:45:50.505642+00:00 RedHat Importer Affected by VCID-wyku-upny-vuhk https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3642.json 38.0.0
2026-04-01T14:45:48.198561+00:00 RedHat Importer Affected by VCID-5sfa-s7xw-cyeg https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0140.json 38.0.0
2026-04-01T14:45:30.963449+00:00 RedHat Importer Affected by VCID-g8de-56gr-37cf https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7819.json 38.0.0
2026-04-01T14:45:01.090955+00:00 RedHat Importer Affected by VCID-jggb-58ap-ybab https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3448.json 38.0.0
2026-04-01T14:42:28.915591+00:00 RedHat Importer Affected by VCID-vhdm-w6p1-uuh9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1820.json 38.0.0