Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/prince@9.0r2-4?arch=el6cf
purl pkg:rpm/redhat/prince@9.0r2-4?arch=el6cf
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.5
Vulnerabilities affecting this package (18)
Vulnerability Summary Fixed by
VCID-5sfa-s7xw-cyeg
Aliases:
CVE-2014-0140
CFME: default routes expose controllers and actions There are no reported fixed by versions.
VCID-65ha-wgr4-eqd4
Aliases:
CVE-2013-4492
GHSA-r5hc-9xx5-97rw
Reflective XSS Vulnerability When a translation is missing, the HTML exception message raised does not escape the keys. Under certain common configurations this string can contain user input which would allow an attacker to execute a reflective XSS attack. There are no reported fixed by versions.
VCID-6wud-ngbu-rqch
Aliases:
CVE-2014-2669
Multiple vulnerabilities have been found in PostgreSQL, the worst of which may allow remote Denial of Service. There are no reported fixed by versions.
VCID-8cbh-gwwy-n3eq
Aliases:
CVE-2014-0064
Potential buffer overruns due to integer overflow in size calculations.more details There are no reported fixed by versions.
VCID-8j4f-u2tq-1qev
Aliases:
CVE-2014-0061
Privilege escalation via calls to validator functions.more details There are no reported fixed by versions.
VCID-e3j5-xgbr-2qa1
Aliases:
CVE-2013-4389
GHSA-rg5m-3fqp-6px8
OSV-98629
Possible DoS Vulnerability A carefully crafted email address in conjunction with the Action Mailer logger format string could take advantage of a bug in Ruby's sprintf implementation and possibly lead to a denial of service attack. Impacted Ruby code will look something like this: `"some string #{user_input}" % some_number` There are no reported fixed by versions.
VCID-g4zx-p5dt-cba8
Aliases:
CVE-2014-0078
CFME: multiple authorization bypass vulnerabilities in CatalogController There are no reported fixed by versions.
VCID-g8de-56gr-37cf
Aliases:
CVE-2014-7819
GHSA-33pp-3763-mrfp
OSV-113965
Arbitrary file existence disclosure Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside an application's root directory. The files will not be served, but attackers can determine whether the file exists. There are no reported fixed by versions.
VCID-jggb-58ap-ybab
Aliases:
CVE-2015-3448
GHSA-mx9f-w8qq-q5jf
Log Plaintext Password Local Disclosure REST Client for Ruby contains a flaw that is due to the application logging password information in plaintext. This may allow a local attacker to gain access to password information. There are no reported fixed by versions.
VCID-kbgc-w2jw-auh8
Aliases:
CVE-2014-0062
Race condition in CREATE INDEX allows for privilege escalation.more details There are no reported fixed by versions.
VCID-nf8s-2aaa-17fw
Aliases:
CVE-2013-6417
GHSA-wpw7-wxjm-cw8r
OSV-100527
Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk) Due to the way that `Rack::Request` and `Rails::Request` interact, it is possible for a 3rd party or custom rack middleware to parse the parameters insecurely and store them in the same key that Rails uses for its own parameters. In the event that happens the application will receive unsafe parameters and could be vulnerable to the earlier vulnerability: it would be possible for an attacker to issue unexpected database queries with `IS NULL` or empty where clauses. There are no reported fixed by versions.
VCID-nrjc-ndqj-wkak
Aliases:
CVE-2014-0137
CFME: ReportController SQL injection There are no reported fixed by versions.
VCID-nz16-gzhk-h3c1
Aliases:
CVE-2014-0065
Potential buffer overruns of fixed-size buffers.more details There are no reported fixed by versions.
VCID-pvxg-byvu-pbec
Aliases:
CVE-2014-0066
Potential null pointer dereference crash when crypt(3) returns NULL.more details There are no reported fixed by versions.
VCID-reab-s9cu-yudn
Aliases:
CVE-2014-0063
Potential buffer overruns in datetime input/output.more details There are no reported fixed by versions.
VCID-vhdm-w6p1-uuh9
Aliases:
CVE-2015-1820
GHSA-3fhf-6939-qg8p
OSV-119878
Session fixation vulnerability via Set-Cookie headers The package rest-client in `abstract_response.rb` improperly handles `Set-Cookie` headers on HTTP redirection responses. Any cookies will be forwarded to the redirection target regardless of domain, path, or expiration. If you control a redirection source, you can cause rest-client to perform a request to any third-party domain with cookies of your choosing, which may be useful in performing a session fixation attack. If you control a redirection target, you can steal any cookies set by the third-party redirection request. There are no reported fixed by versions.
VCID-w518-wkek-97ag
Aliases:
CVE-2014-0060
SET ROLE bypasses lack of ADMIN OPTION.more details There are no reported fixed by versions.
VCID-wyku-upny-vuhk
Aliases:
CVE-2014-3642
CFME: dangerous send method in performance.rb There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:49:45.790382+00:00 RedHat Importer Affected by VCID-e3j5-xgbr-2qa1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4389.json 38.0.0
2026-04-01T14:49:24.693740+00:00 RedHat Importer Affected by VCID-nf8s-2aaa-17fw https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6417.json 38.0.0
2026-04-01T14:49:17.869564+00:00 RedHat Importer Affected by VCID-65ha-wgr4-eqd4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4492.json 38.0.0
2026-04-01T14:48:50.027818+00:00 RedHat Importer Affected by VCID-6wud-ngbu-rqch https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2669.json 38.0.0
2026-04-01T14:48:49.908780+00:00 RedHat Importer Affected by VCID-pvxg-byvu-pbec https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0066.json 38.0.0
2026-04-01T14:48:49.793915+00:00 RedHat Importer Affected by VCID-nz16-gzhk-h3c1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0065.json 38.0.0
2026-04-01T14:48:49.680164+00:00 RedHat Importer Affected by VCID-8cbh-gwwy-n3eq https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0064.json 38.0.0
2026-04-01T14:48:49.562371+00:00 RedHat Importer Affected by VCID-reab-s9cu-yudn https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0063.json 38.0.0
2026-04-01T14:48:49.448601+00:00 RedHat Importer Affected by VCID-kbgc-w2jw-auh8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0062.json 38.0.0
2026-04-01T14:48:49.336025+00:00 RedHat Importer Affected by VCID-8j4f-u2tq-1qev https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0061.json 38.0.0
2026-04-01T14:48:49.223070+00:00 RedHat Importer Affected by VCID-w518-wkek-97ag https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0060.json 38.0.0
2026-04-01T14:47:54.653470+00:00 RedHat Importer Affected by VCID-nrjc-ndqj-wkak https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0137.json 38.0.0
2026-04-01T14:47:54.589652+00:00 RedHat Importer Affected by VCID-g4zx-p5dt-cba8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0078.json 38.0.0
2026-04-01T14:45:50.073307+00:00 RedHat Importer Affected by VCID-wyku-upny-vuhk https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3642.json 38.0.0
2026-04-01T14:45:47.718063+00:00 RedHat Importer Affected by VCID-5sfa-s7xw-cyeg https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0140.json 38.0.0
2026-04-01T14:45:30.976314+00:00 RedHat Importer Affected by VCID-g8de-56gr-37cf https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7819.json 38.0.0
2026-04-01T14:45:01.105635+00:00 RedHat Importer Affected by VCID-jggb-58ap-ybab https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3448.json 38.0.0
2026-04-01T14:42:25.244828+00:00 RedHat Importer Affected by VCID-vhdm-w6p1-uuh9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1820.json 38.0.0